Visual Basic .NET 中的 Joomla 密码验证

发布于 2024-12-11 08:53:22 字数 1578 浏览 0 评论 0原文

我已经成功地远程连接到我的 Joomla! 的 MySQL 数据库。 1.5 网站在 Visual Basic .NET 2010 中使用 MySqlConnector。

现在，我尝试从以简单表单提交的值到从 MySQL 查询检索到的值来验证用户的密码。

我在forums.joomla.org上发现了一个有用的帖子，标题为“Joomla密码MD5和VB.NET MD5”，但是那里的代码片段产生了不正确的哈希值。

这是另一个有用的 Joomla 论坛帖子，介绍如何密码加密（使用 MD5 哈希和“盐”）在 Joomla DB 中。

下面是代码的修改版本：

Imports System.Text
Imports System.Security.Cryptography

...

Private Function JoomlaUserAuth(ByVal Password As String, ByVal EncryptedPassword As String) As Boolean

    'HashedPassword:Salt = value from Joomla DB

    Dim Values() As String = Split(EncryptedPassword, ":")
    Dim HashedPassword As String = Values(0)
    Dim Salt As String = Values(1)


    Dim NewHashedPassword As String = GetHash(Password & Salt)

    Return NewHashedPassword.Equals(HashedPassword)

End Function


Private Function GetHash(ByVal StringToHash As String) As String
    Dim md5 As New MD5CryptoServiceProvider()
    Dim encoder As New UTF7Encoding()
    Dim encStringBytes As [Byte]()

    encStringBytes = encoder.GetBytes(StringToHash)
    encStringBytes = md5.ComputeHash(encStringBytes)

    Dim strHex As String = String.Empty
    For Each B As Byte In encStringBytes
        strHex &= String.Format("{0:x2}", B)
    Next

    Return strHex

End Function

结果是，使用正确的密码/DB 加密密码组合时，“NewHashedPassword”和“HashedPassword”非常不同。有什么想法吗？

原文

I have managed to successfully connect remotely to the MySQL database for my Joomla! 1.5 website using MySqlConnector in Visual Basic .NET 2010.

Now I am trying to authenticate a user's password from values submitted in a simple form to those retrieved from a MySQL query.

I found a useful thread on forums.joomla.org titled "Joomla password MD5 & VB.NET MD5", but the code snippets there produce the incorrect hash.

Here is another useful Joomla Forums thread as to how passwords are encrypted (using MD5 hash and "salt") in the Joomla DB.

Here is a modified version of the code:

Imports System.Text
Imports System.Security.Cryptography

...

Private Function JoomlaUserAuth(ByVal Password As String, ByVal EncryptedPassword As String) As Boolean

    'HashedPassword:Salt = value from Joomla DB

    Dim Values() As String = Split(EncryptedPassword, ":")
    Dim HashedPassword As String = Values(0)
    Dim Salt As String = Values(1)


    Dim NewHashedPassword As String = GetHash(Password & Salt)

    Return NewHashedPassword.Equals(HashedPassword)

End Function


Private Function GetHash(ByVal StringToHash As String) As String
    Dim md5 As New MD5CryptoServiceProvider()
    Dim encoder As New UTF7Encoding()
    Dim encStringBytes As [Byte]()

    encStringBytes = encoder.GetBytes(StringToHash)
    encStringBytes = md5.ComputeHash(encStringBytes)

    Dim strHex As String = String.Empty
    For Each B As Byte In encStringBytes
        strHex &= String.Format("{0:x2}", B)
    Next

    Return strHex

End Function

The result is that "NewHashedPassword" and "HashedPassword" are very different using the correct password/DB encrypted password combination. Any ideas?

分享到QQ

分享到微博