Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New Coder
    Join Date
    Jul 2010
    Posts
    47
    Thanks
    11
    Thanked 0 Times in 0 Posts

    help needed. very simple

    Hello

    i'm a php programmer and dont know nothing about ASP

    this script changes user's password in microsoft access database :

    Code:
    <%@ Page Language="VB" %>
    <script runat="server">
    
        Function checkuser(ByVal tAC_ID As String, ByVal tAC_Attr As String, ByVal tAC_Val As String) As System.Data.DataSet
                Dim connectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0; Ole DB Services=-4; Data Source=C:\NTTacPlus2\ODBC\NTTacDB.mdb"
                Dim dbConnection As System.Data.IDbConnection = New System.Data.OleDb.OleDbConnection(connectionString)
        
                Dim queryString As String = "SELECT [TAC_USR].[TAC_ID], [TAC_USR].[TAC_Attr], [TAC_USR].[TAC_Val] FROM [TAC_USR] WHERE (([TAC_USR].[TAC_ID] = @TAC_ID) AND ([TAC_USR].[TAC_Attr] = @TAC_Attr) AND ([TAC_USR].[TAC_Val] = @TAC_Val))"
                Dim dbCommand As System.Data.IDbCommand = New System.Data.OleDb.OleDbCommand
                dbCommand.CommandText = queryString
                dbCommand.Connection = dbConnection
        
                Dim dbParam_tAC_ID As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
                dbParam_tAC_ID.ParameterName = "@TAC_ID"
                dbParam_tAC_ID.Value = tAC_ID
                dbParam_tAC_ID.DbType = System.Data.DbType.String
                dbCommand.Parameters.Add(dbParam_tAC_ID)
                Dim dbParam_tAC_Attr As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
                dbParam_tAC_Attr.ParameterName = "@TAC_Attr"
                dbParam_tAC_Attr.Value = tAC_Attr
                dbParam_tAC_Attr.DbType = System.Data.DbType.String
                dbCommand.Parameters.Add(dbParam_tAC_Attr)
                Dim dbParam_tAC_Val As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
                dbParam_tAC_Val.ParameterName = "@TAC_Val"
                dbParam_tAC_Val.Value = tAC_Val
                dbParam_tAC_Val.DbType = System.Data.DbType.String
                dbCommand.Parameters.Add(dbParam_tAC_Val)
        
                Dim dataAdapter As System.Data.IDbDataAdapter = New System.Data.OleDb.OleDbDataAdapter
                dataAdapter.SelectCommand = dbCommand
                Dim dataSet As System.Data.DataSet = New System.Data.DataSet
                dataAdapter.Fill(dataSet)
        
                Return dataSet
            End Function
        
        
            Function ChangeDB(ByVal tAC_ID As String, ByVal tAC_Attr As String, ByVal tAC_Val As String) As Integer
                Dim connectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0; Ole DB Services=-4; Data Source=C:\NTTacPlus2\ODBC\NTTacDB.mdb"
                Dim dbConnection As System.Data.IDbConnection = New System.Data.OleDb.OleDbConnection(connectionString)
        
                Dim queryString As String = "UPDATE [TAC_GRP] SET [TAC_ID]=@TAC_ID, [TAC_Attr]=@TAC_Attr, [TAC_Val]=@TAC_Val"
                Dim dbCommand As System.Data.IDbCommand = New System.Data.OleDb.OleDbCommand
                dbCommand.CommandText = queryString
                dbCommand.Connection = dbConnection
        
                Dim dbParam_tAC_ID As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
                dbParam_tAC_ID.ParameterName = "@TAC_ID"
                dbParam_tAC_ID.Value = tAC_ID
                dbParam_tAC_ID.DbType = System.Data.DbType.String
                dbCommand.Parameters.Add(dbParam_tAC_ID)
                Dim dbParam_tAC_Attr As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
                dbParam_tAC_Attr.ParameterName = "@TAC_Attr"
                dbParam_tAC_Attr.Value = tAC_Attr
                dbParam_tAC_Attr.DbType = System.Data.DbType.String
                dbCommand.Parameters.Add(dbParam_tAC_Attr)
                Dim dbParam_tAC_Val As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
                dbParam_tAC_Val.ParameterName = "@TAC_Val"
                dbParam_tAC_Val.Value = tAC_Val
                dbParam_tAC_Val.DbType = System.Data.DbType.String
                dbCommand.Parameters.Add(dbParam_tAC_Val)
        
                Dim rowsAffected As Integer = 0
                dbConnection.Open
                Try
                    rowsAffected = dbCommand.ExecuteNonQuery
                Finally
                    dbConnection.Close
                End Try
        
                Return rowsAffected
            End Function
        
        
        
        
            Sub Button1_Click(sender As Object, e As EventArgs)
                label1.text=""
                Dim userDS As New System.Data.DataSet
                userDS = checkuser(txtUsername.text , "[Global]Passwd" , txtPassword.text )
                if not txtcNPassword.text = txtNPassword.text then
                    label1.text = "New password is not match with its confirmation."
                else If userDS.Tables(0).Rows.Count = 1 Then
                        ChangeDB(ltrim(rtrim(txtUsername.text)),"[Global]Passwd",ltrim(rtrim(txtNPassword.text)))
                        label1.text = "Your password is changed."
                 Else
                            label1.text = "Invalid username or password"
                 end if
            End Sub
    
    </script>
    <html>
    <head>
        <title>Change Password</title> 
        <meta content="Sadjad Seyed-Ahmadian" name="Programmer" />
        <meta content="Microsoft FrontPage 5.0" name="GENERATOR" />
        <meta content="FrontPage.Editor.Document" name="ProgId" />
    </head>
    <body>
        <form runat="server">
            <table id="AutoNumber1" style="BORDER-COLLAPSE: collapse" bordercolor="#111111" cellspacing="0" cellpadding="0" width="520" border="0">
                <tbody>
                    <tr>
                        <td width="919" colspan="2">
                            <b><font color="#3366cc" size="7">C</font></b><font color="#3366cc" size="7"><b>hange
                            Password</b></font></td>
                    </tr>
                    <tr>
                        <td width="200">
                            &nbsp; Username :</td>
                        <td width="719">
                            &nbsp; 
                            <asp:TextBox id="txtUsername" runat="server" BorderColor="DarkGoldenrod" BorderStyle="Dotted" BorderWidth="1px" Font-Size="X-Small" Width="120px">
                            </asp:TextBox>
                        </td>
                    </tr>
                    <tr>
                        <td width="200">
                            &nbsp; Password :</td>
                        <td width="719">
                            &nbsp; 
                            <asp:TextBox id="txtPassword" runat="server" BorderColor="DarkGoldenrod" BorderStyle="Dotted" BorderWidth="1px" Font-Size="X-Small" Width="120px" TextMode="Password">
                            </asp:TextBox>
                        </td>
                    </tr>
                    <tr>
                        <td width="137">
                            <p align="left">
                                &nbsp;&nbsp;New Password : 
                            </p>
                        </td>
                        <td width="383">
                            &nbsp; 
                            <asp:TextBox id="txtNPassword" runat="server" BorderColor="DarkGoldenrod" BorderStyle="Dotted" BorderWidth="1px" Font-Size="X-Small" Width="120px" TextMode="Password">
                            </asp:TextBox>
                        </td>
                    </tr>
                    <tr>
                        <td width="137">
                            &nbsp;&nbsp;Confirm Password :</td>
                        <td width="383">
                            &nbsp; 
                            <asp:TextBox id="txtCNPassword" runat="server" BorderColor="DarkGoldenrod" BorderStyle="Dotted" BorderWidth="1px" Font-Size="X-Small" Width="120px" TextMode="Password">
                            </asp:TextBox>
                        </td>
                    </tr>
                    <tr>
                        <td width="137">
                            &nbsp;<asp:Button id="Button1" onclick="Button1_Click" runat="server" BorderColor="DarkGoldenrod" BorderStyle="Dotted" BorderWidth="1px" Font-Size="X-Small" Width="129px" Text="Change Password"></asp:Button>
                        </td>
                        <td width="383">
                            &nbsp;<asp:Label id="Label1" runat="server" font-size="Medium" forecolor="Red"></asp:Label> 
                        </td>
                    </tr>
                    <tr>
                        <td width="520" colspan="2" height="160">&nbsp;
                            </td>
                    </tr>
                </tbody>
            </table>
            <p>
            </p>
        </form>
    </body>
    </html>

    Passwords are stored in database as encrypted. but i dont know how they are encrypted.

    i'm wroting a php program and need to know how can i encrypt passwords like this. (what algorithm this uses)

    this script gets new password and stores it on database. i read all codes but didnt found out that how this script encrypts password,

    could you please tell me in which line program goes to convert password?

    thanks

  • #2
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,072
    Thanks
    4
    Thanked 8 Times in 8 Posts
    I am not too familiar with vb.Net but it looks to me like it is passing a key with the "[Global]Passwd" (located in the Button1_click sub) it is the value tAC_Attr in the other 2 functions

    I would say that is the part that is doing the encrypting

  • #3
    New Coder
    Join Date
    Jul 2010
    Posts
    47
    Thanks
    11
    Thanked 0 Times in 0 Posts
    tnx for reply.

    global[passwd] is field name on database

  • #4
    New Coder
    Join Date
    Jul 2010
    Posts
    47
    Thanks
    11
    Thanked 0 Times in 0 Posts
    i have attached a program's source which decodes this passwords.
    Attached Files Attached Files

  • #5
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,072
    Thanks
    4
    Thanked 8 Times in 8 Posts
    Quote Originally Posted by ataomega View Post
    tnx for reply.

    global[passwd] is field name on database
    Not according to the SQL query
    SELECT [TAC_USR].[TAC_ID], [TAC_USR].[TAC_Attr], [TAC_USR].[TAC_Val] FROM [TAC_USR]

    TAC_USR is the table name
    TAC_ID, TAC_Attr, TAC_Val are the columns

  • #6
    New Coder
    Join Date
    Jul 2010
    Posts
    47
    Thanks
    11
    Thanked 0 Times in 0 Posts
    no, please see : (part of database i have exported)

    Code:
    TAC_ID	TAC_Attr	TAC_Val
    AnalogicUser 	[Global]Groups 	AnalogicOnlyPPP 
    AnalogicUser 	[Global]Name 	Analogic user 
    Default 	[Global]Groups 	standard 
    Default 	[Global]Name 	Default user 
    ISDNUser 	[Global]Groups 	ISDNOnlyPPP 
    ISDNUser 	[Global]Name 	ISDN user 
    pars 	[Global]Expires 	#356 
    pars 	[Global]Passwd 	+@96CA30F8 
    pars 	[Global]Groups 	PPP 
    pars 	[Global]EffectiveFrom 	28-04-2012 
    pars 	[Warning]FailedLogins 	0 
    pars 	[Warning]ExpireStatus 	0 
    DEFAULT 	[Warning]FailedLogins 	0 
    DEFAULT 	[Warning]LastFailedLogin 	06-06-2012 13:53:49 
    Admin 	[Global]Groups 	Admin 
    Admin 	[Global]Name 	Administrator 
    Admin 	[Global]Passwd 	netihaa 
    DEFAULT 	[Warning]ExpireStatus 	0 
    User 	[Global]Groups 	Standard,PPP 
    User 	[Global]Name 	mydsoftware 
    User 	[Global]Expires 	#60 
    User 	[Global]MaxLogins 	1 
    User 	[Global]Passwd 	1990415121 
    mydsoftware 	[Global]Expires 	#60 
    mydsoftware 	[Global]Passwd 	+@D7927BBBCA6E80B29C47 
    mydsoftware 	[Global]Groups 	PPP,Standard 
    mydsoftware 	[Global]Name 	mydsoftware 
    mydsoftware 	[Global]MaxLogins 	1 
    mydsoftware 	[Warning]FailedLogins 	0 
    mydsoftware 	[Warning]ExpireStatus 	0 
    mydsoftware 	[Global]EffectiveFrom 	30-04-2012 
    arya1376 	[Global]Name 	arya1376 
    arya1376 	[Global]Expires 	#30 
    arya1376 	[Global]MaxLogins 	1 
    arya1376 	[Global]Passwd 	+@87D93BEACF6C82B5 
    arya1376 	[Global]Groups 	Standard,PPP

  • #7
    New to the CF scene
    Join Date
    Jul 2012
    Location
    australia
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    do you use MS Access database for your PHP application?
    if you are using MySQL database, it should be encrypted by itself using MD5


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •