如何在 C# 中登录 myBB。 (哈希无法正常工作)
How to login to myBB in C#. (Hashing not working correctly)
我正在尝试登录我论坛上的 mybb 帐户。我需要使用 SQL 数据库进行登录,但密码是散列的。我已经尝试了几乎所有方法,包括对登录密码进行哈希处理,但它就是行不通。
使用普通的未散列密码时一切正常,但使用散列密码时就不行。
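// Question snippet: hash the entered password, then look the user up by name and hash.
// NOTE(review): the hashing part is kept exactly as posted because it is the behaviour the
// question asks about; the notes below say why it cannot match the stored hash. Only the SQL
// lookup was changed, so that user input is bound as parameters instead of concatenated.
string salt = Global.salt; // get salt from db
string password = textBox2.Text;// get password from user
MD5 md5 = new MD5CryptoServiceProvider();
// Create md5 hash of salt
byte[] saltBytes = Encoding.Default.GetBytes(salt); // never read; the hash is taken from the stream below
byte[] saltHashBytes;
using (Stream saltStream = GenerateStreamFromString(salt))
{
    saltHashBytes = md5.ComputeHash(saltStream);
}
// BitConverter.ToString returns upper-case hex pairs separated by '-', not the plain
// lower-case hex string that CalculateMD5Hash in the answer produces.
string saltHash = System.BitConverter.ToString(saltHashBytes);
// Create your md5(password + md5(salt)) hash
byte[] passwordBytes = Encoding.Default.GetBytes(password + saltHash); // never read
byte[] passwordHashBytes;
// NOTE(review): this hashes the stream built from `salt` a second time, so the entered
// password never reaches the digest and passwordHash is just the hash of the salt.
using (Stream saltStream = GenerateStreamFromString(salt))
{
    passwordHashBytes = md5.ComputeHash(saltStream);
}
string passwordHash = BitConverter.ToString(passwordHashBytes);
MessageBox.Show(passwordHash); // debugging aid: displays the computed hash; remove once the hashes match

cmd = new MySqlCommand();
con.Open();
cmd.Connection = con;
// The user name comes straight from a text box, so it is passed as a parameter; building the
// statement by string concatenation would let the input rewrite the WHERE clause.
cmd.CommandText = "SELECT * FROM testfdata_users where username=@username AND password=@passwordHash";
cmd.Parameters.AddWithValue("@username", textBox1.Text);
cmd.Parameters.AddWithValue("@passwordHash", passwordHash);
dr = cmd.ExecuteReader();
if (dr.Read())
{
    MessageBox.Show("Login success ");
}
else
{
    MessageBox.Show("Invalid Login please check username and password");
}
con.Close();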
这就是我从数据库中获取盐的方式。
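// Question snippet: read the salt from the users table into Global.salt.
// The connection, command and reader are wrapped in using blocks so they are released even
// when a call throws; the original never closed con2.
// NOTE(review): SslMode=none in the connection string turns transport encryption off, so the
// database password and every row cross the network in clear text.
using (MySqlConnection con2 = new MySqlConnection("Server=host.com;Database=baseName;user=username;Pwd=pass;SslMode=none"))
using (MySqlCommand cmd = new MySqlCommand("SELECT * FROM testfdata_users", con2))
{
    con2.Open();
    using (MySqlDataReader reader = cmd.ExecuteReader())
    {
        // NOTE(review): every row overwrites Global.salt, so the value left behind is the salt
        // of the last row returned, not necessarily that of the user who is logging in.
        while (reader.Read())
        {
            Global.salt = reader.GetString("salt");
        }
    }
}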
我明白问题出在哪里了。我将分享我所做的,以便遇到相同问题的任何人都可以在这里找到它。
首先,你需要创建这个方法。
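/// <summary>
/// Returns the MD5 digest of <paramref name="input"/> as a 32-character lower-case hex string.
/// </summary>
/// <remarks>
/// MD5 is used only because the answer found that the forum's stored hashes are built from it;
/// it is a fast hash and should not be chosen for new password storage.
/// </remarks>
/// <param name="input">Text to hash; must not be null.</param>
/// <returns>Lower-case hexadecimal digest without separators.</returns>
public string CalculateMD5Hash(string input)
{
    // The hash object is disposable; the original never released it.
    using (MD5 md5 = System.Security.Cryptography.MD5.Create())
    {
        // UTF-8 instead of ASCII: the ASCII encoder replaces every non-ASCII character with
        // '?', so distinct passwords would produce the same digest. Pure ASCII input encodes
        // to the same bytes either way.
        // NOTE(review): assumes the forum hashes UTF-8 bytes - confirm against its charset.
        byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(input);
        byte[] hash = md5.ComputeHash(inputBytes);

        StringBuilder sb = new StringBuilder(hash.Length * 2);
        foreach (byte b in hash)
        {
            sb.Append(b.ToString("x2")); // two lower-case hex digits per byte
        }
        return sb.ToString();
    }
}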
接下来,您需要从 SQL 数据库中获取盐
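// Fetch the salt of the account being logged in to.
// salt starts as null so that the later read compiles and an unknown user can be detected;
// treat a null salt as a failed login before hashing.
string salt = null;
// cmd stays declared at this level because the login step further down assigns to it again.
MySqlCommand cmd;
// NOTE(review): SslMode=none turns transport encryption off for this connection.
using (MySqlConnection con2 = new MySqlConnection("Server=hostname;Database=databasename;user=username;Pwd=password;SslMode=none"))
{
    // Ask the server for the one salt that is needed instead of pulling every account's row
    // (including password hashes) into the client. 'user' is bound as a parameter because it
    // is typed by the person logging in. You can get 'user' from a textbox.
    cmd = new MySqlCommand("SELECT salt FROM mybb_users WHERE username = @username", con2);
    cmd.Parameters.AddWithValue("@username", user);
    con2.Open();
    using (MySqlDataReader reader = cmd.ExecuteReader())
    {
        if (reader.Read())
        {
            salt = reader.GetString("salt");
        }
    }
}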
然后,您需要对用户输入的密码进行散列处理
// Hash formula the answer found to match the forum's stored value:
// md5( md5(salt) + md5(password) ), each digest written as lower-case hex.
string saltDigest = CalculateMD5Hash(salt);
string passwordDigest = CalculateMD5Hash(password);
string passwordHash = CalculateMD5Hash(saltDigest + passwordDigest);
终于可以登录了
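// Check the user name and computed hash against the users table.
// The connection string uses the same placeholder values as the salt lookup. The original
// line carried what look like real database credentials; anything that has been published
// should be rotated, and real values belong in protected configuration, not in source.
// NOTE(review): a connection string shipped inside a desktop program can be read by anyone
// who has the program, so the database account should hold the least privilege possible.
// SslMode=none also leaves the connection unencrypted.
using (MySqlConnection con = new MySqlConnection("Server=hostname;Database=databasename;user=username;Pwd=password;SslMode=none"))
{
    cmd = new MySqlCommand();
    cmd.Connection = con;
    // Values are bound as parameters; concatenating the typed user name into the statement
    // would let it change the query. 'username' must be the same name the salt was read for.
    cmd.CommandText = "SELECT * FROM mybb_users where username=@username AND password=@passwordHash";
    cmd.Parameters.AddWithValue("@username", username);
    cmd.Parameters.AddWithValue("@passwordHash", passwordHash);
    con.Open();
    using (dr = cmd.ExecuteReader())
    {
        if (dr.Read())
        {
            // Do what you want after login
        }
        else
        {
            MessageBox.Show("Invalid Login please check username and password");
        }
    }
}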
代码应该看起来像这样
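/// <summary>
/// Returns the MD5 digest of <paramref name="input"/> as a 32-character lower-case hex string.
/// </summary>
/// <remarks>
/// MD5 is used only because the forum's stored hashes are built from it; it is a fast hash
/// and should not be chosen for new password storage.
/// </remarks>
/// <param name="input">Text to hash; must not be null.</param>
/// <returns>Lower-case hexadecimal digest without separators.</returns>
public string CalculateMD5Hash(string input)
{
    // The hash object is disposable; the original never released it.
    using (MD5 md5 = System.Security.Cryptography.MD5.Create())
    {
        // UTF-8 instead of ASCII: the ASCII encoder replaces every non-ASCII character with
        // '?', so distinct passwords would produce the same digest. Pure ASCII input encodes
        // to the same bytes either way.
        // NOTE(review): assumes the forum hashes UTF-8 bytes - confirm against its charset.
        byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(input);
        byte[] hash = md5.ComputeHash(inputBytes);

        StringBuilder sb = new StringBuilder(hash.Length * 2);
        foreach (byte b in hash)
        {
            sb.Append(b.ToString("x2")); // two lower-case hex digits per byte
        }
        return sb.ToString();
    }
}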
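/// <summary>
/// Click handler: reads the user name and password from the form, fetches that user's salt,
/// computes md5(md5(salt) + md5(password)) and checks it against the users table.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button_Click(object sender, EventArgs e)
{
    // Placeholder values. The original second connection string carried what look like real
    // credentials; published credentials should be rotated and real ones kept out of source.
    // NOTE(review): SslMode=none leaves the connection unencrypted, and a connection string
    // shipped in a desktop program is readable by anyone who has the program, so the database
    // account should hold the least privilege possible.
    const string connectionString = "Server=hostname;Database=databasename;user=username;Pwd=password;SslMode=none";

    string user = txtBx_User.Text;
    string password = txtBx_Pass.Text;
    string salt = null; // assigned only when the user exists; the original read it unassigned

    // One connection serves both queries and is disposed even if a call throws.
    using (MySqlConnection con = new MySqlConnection(connectionString))
    {
        con.Open();

        // Fetch only this user's salt rather than reading every account row into the client.
        using (MySqlCommand saltCmd = new MySqlCommand("SELECT salt FROM mybb_users WHERE username = @username", con))
        {
            saltCmd.Parameters.AddWithValue("@username", user);
            using (MySqlDataReader reader = saltCmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    salt = reader.GetString("salt");
                }
            }
        }

        if (salt == null)
        {
            // Same message as a wrong password, so the dialog does not reveal which names exist.
            MessageBox.Show("Invalid Login please check username and password");
            return;
        }

        string passwordHash = CalculateMD5Hash(CalculateMD5Hash(salt) + CalculateMD5Hash(password));

        // Both values are bound as parameters; the original concatenated them into the SQL
        // text and referenced 'username', which this method never declares ('user' is the
        // name the salt was looked up for).
        using (MySqlCommand loginCmd = new MySqlCommand("SELECT * FROM mybb_users where username=@username AND password=@passwordHash", con))
        {
            loginCmd.Parameters.AddWithValue("@username", user);
            loginCmd.Parameters.AddWithValue("@passwordHash", passwordHash);
            using (MySqlDataReader loginReader = loginCmd.ExecuteReader())
            {
                if (loginReader.Read())
                {
                    // Do what you want after login
                }
                else
                {
                    MessageBox.Show("Invalid Login please check username and password");
                }
            }
        }
    }
}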
我正在尝试登录我论坛上的 mybb 帐户。我需要使用 SQL 数据库进行登录,但密码是散列的。我已经尝试了几乎所有方法,包括对登录密码进行哈希处理,但它就是行不通。
使用普通的未散列密码时一切正常,但使用散列密码时就不行。
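// Question snippet: hash the entered password, then look the user up by name and hash.
// NOTE(review): the hashing part is kept exactly as posted because it is the behaviour the
// question asks about; the notes below say why it cannot match the stored hash. Only the SQL
// lookup was changed, so that user input is bound as parameters instead of concatenated.
string salt = Global.salt; // get salt from db
string password = textBox2.Text;// get password from user
MD5 md5 = new MD5CryptoServiceProvider();
// Create md5 hash of salt
byte[] saltBytes = Encoding.Default.GetBytes(salt); // never read; the hash is taken from the stream below
byte[] saltHashBytes;
using (Stream saltStream = GenerateStreamFromString(salt))
{
    saltHashBytes = md5.ComputeHash(saltStream);
}
// BitConverter.ToString returns upper-case hex pairs separated by '-', not the plain
// lower-case hex string that CalculateMD5Hash in the answer produces.
string saltHash = System.BitConverter.ToString(saltHashBytes);
// Create your md5(password + md5(salt)) hash
byte[] passwordBytes = Encoding.Default.GetBytes(password + saltHash); // never read
byte[] passwordHashBytes;
// NOTE(review): this hashes the stream built from `salt` a second time, so the entered
// password never reaches the digest and passwordHash is just the hash of the salt.
using (Stream saltStream = GenerateStreamFromString(salt))
{
    passwordHashBytes = md5.ComputeHash(saltStream);
}
string passwordHash = BitConverter.ToString(passwordHashBytes);
MessageBox.Show(passwordHash); // debugging aid: displays the computed hash; remove once the hashes match

cmd = new MySqlCommand();
con.Open();
cmd.Connection = con;
// The user name comes straight from a text box, so it is passed as a parameter; building the
// statement by string concatenation would let the input rewrite the WHERE clause.
cmd.CommandText = "SELECT * FROM testfdata_users where username=@username AND password=@passwordHash";
cmd.Parameters.AddWithValue("@username", textBox1.Text);
cmd.Parameters.AddWithValue("@passwordHash", passwordHash);
dr = cmd.ExecuteReader();
if (dr.Read())
{
    MessageBox.Show("Login success ");
}
else
{
    MessageBox.Show("Invalid Login please check username and password");
}
con.Close();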
这就是我从数据库中获取盐的方式。
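// Question snippet: read the salt from the users table into Global.salt.
// The connection, command and reader are wrapped in using blocks so they are released even
// when a call throws; the original never closed con2.
// NOTE(review): SslMode=none in the connection string turns transport encryption off, so the
// database password and every row cross the network in clear text.
using (MySqlConnection con2 = new MySqlConnection("Server=host.com;Database=baseName;user=username;Pwd=pass;SslMode=none"))
using (MySqlCommand cmd = new MySqlCommand("SELECT * FROM testfdata_users", con2))
{
    con2.Open();
    using (MySqlDataReader reader = cmd.ExecuteReader())
    {
        // NOTE(review): every row overwrites Global.salt, so the value left behind is the salt
        // of the last row returned, not necessarily that of the user who is logging in.
        while (reader.Read())
        {
            Global.salt = reader.GetString("salt");
        }
    }
}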
我明白问题出在哪里了。我将分享我所做的,以便遇到相同问题的任何人都可以在这里找到它。
首先,你需要创建这个方法。
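/// <summary>
/// Returns the MD5 digest of <paramref name="input"/> as a 32-character lower-case hex string.
/// </summary>
/// <remarks>
/// MD5 is used only because the answer found that the forum's stored hashes are built from it;
/// it is a fast hash and should not be chosen for new password storage.
/// </remarks>
/// <param name="input">Text to hash; must not be null.</param>
/// <returns>Lower-case hexadecimal digest without separators.</returns>
public string CalculateMD5Hash(string input)
{
    // The hash object is disposable; the original never released it.
    using (MD5 md5 = System.Security.Cryptography.MD5.Create())
    {
        // UTF-8 instead of ASCII: the ASCII encoder replaces every non-ASCII character with
        // '?', so distinct passwords would produce the same digest. Pure ASCII input encodes
        // to the same bytes either way.
        // NOTE(review): assumes the forum hashes UTF-8 bytes - confirm against its charset.
        byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(input);
        byte[] hash = md5.ComputeHash(inputBytes);

        StringBuilder sb = new StringBuilder(hash.Length * 2);
        foreach (byte b in hash)
        {
            sb.Append(b.ToString("x2")); // two lower-case hex digits per byte
        }
        return sb.ToString();
    }
}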
接下来,您需要从 SQL 数据库中获取盐
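// Fetch the salt of the account being logged in to.
// salt starts as null so that the later read compiles and an unknown user can be detected;
// treat a null salt as a failed login before hashing.
string salt = null;
// cmd stays declared at this level because the login step further down assigns to it again.
MySqlCommand cmd;
// NOTE(review): SslMode=none turns transport encryption off for this connection.
using (MySqlConnection con2 = new MySqlConnection("Server=hostname;Database=databasename;user=username;Pwd=password;SslMode=none"))
{
    // Ask the server for the one salt that is needed instead of pulling every account's row
    // (including password hashes) into the client. 'user' is bound as a parameter because it
    // is typed by the person logging in. You can get 'user' from a textbox.
    cmd = new MySqlCommand("SELECT salt FROM mybb_users WHERE username = @username", con2);
    cmd.Parameters.AddWithValue("@username", user);
    con2.Open();
    using (MySqlDataReader reader = cmd.ExecuteReader())
    {
        if (reader.Read())
        {
            salt = reader.GetString("salt");
        }
    }
}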
然后,您需要对用户输入的密码进行散列处理
// Hash formula the answer found to match the forum's stored value:
// md5( md5(salt) + md5(password) ), each digest written as lower-case hex.
string saltDigest = CalculateMD5Hash(salt);
string passwordDigest = CalculateMD5Hash(password);
string passwordHash = CalculateMD5Hash(saltDigest + passwordDigest);
终于可以登录了
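// Check the user name and computed hash against the users table.
// The connection string uses the same placeholder values as the salt lookup. The original
// line carried what look like real database credentials; anything that has been published
// should be rotated, and real values belong in protected configuration, not in source.
// NOTE(review): a connection string shipped inside a desktop program can be read by anyone
// who has the program, so the database account should hold the least privilege possible.
// SslMode=none also leaves the connection unencrypted.
using (MySqlConnection con = new MySqlConnection("Server=hostname;Database=databasename;user=username;Pwd=password;SslMode=none"))
{
    cmd = new MySqlCommand();
    cmd.Connection = con;
    // Values are bound as parameters; concatenating the typed user name into the statement
    // would let it change the query. 'username' must be the same name the salt was read for.
    cmd.CommandText = "SELECT * FROM mybb_users where username=@username AND password=@passwordHash";
    cmd.Parameters.AddWithValue("@username", username);
    cmd.Parameters.AddWithValue("@passwordHash", passwordHash);
    con.Open();
    using (dr = cmd.ExecuteReader())
    {
        if (dr.Read())
        {
            // Do what you want after login
        }
        else
        {
            MessageBox.Show("Invalid Login please check username and password");
        }
    }
}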
代码应该看起来像这样
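/// <summary>
/// Returns the MD5 digest of <paramref name="input"/> as a 32-character lower-case hex string.
/// </summary>
/// <remarks>
/// MD5 is used only because the forum's stored hashes are built from it; it is a fast hash
/// and should not be chosen for new password storage.
/// </remarks>
/// <param name="input">Text to hash; must not be null.</param>
/// <returns>Lower-case hexadecimal digest without separators.</returns>
public string CalculateMD5Hash(string input)
{
    // The hash object is disposable; the original never released it.
    using (MD5 md5 = System.Security.Cryptography.MD5.Create())
    {
        // UTF-8 instead of ASCII: the ASCII encoder replaces every non-ASCII character with
        // '?', so distinct passwords would produce the same digest. Pure ASCII input encodes
        // to the same bytes either way.
        // NOTE(review): assumes the forum hashes UTF-8 bytes - confirm against its charset.
        byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(input);
        byte[] hash = md5.ComputeHash(inputBytes);

        StringBuilder sb = new StringBuilder(hash.Length * 2);
        foreach (byte b in hash)
        {
            sb.Append(b.ToString("x2")); // two lower-case hex digits per byte
        }
        return sb.ToString();
    }
}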
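/// <summary>
/// Click handler: reads the user name and password from the form, fetches that user's salt,
/// computes md5(md5(salt) + md5(password)) and checks it against the users table.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button_Click(object sender, EventArgs e)
{
    // Placeholder values. The original second connection string carried what look like real
    // credentials; published credentials should be rotated and real ones kept out of source.
    // NOTE(review): SslMode=none leaves the connection unencrypted, and a connection string
    // shipped in a desktop program is readable by anyone who has the program, so the database
    // account should hold the least privilege possible.
    const string connectionString = "Server=hostname;Database=databasename;user=username;Pwd=password;SslMode=none";

    string user = txtBx_User.Text;
    string password = txtBx_Pass.Text;
    string salt = null; // assigned only when the user exists; the original read it unassigned

    // One connection serves both queries and is disposed even if a call throws.
    using (MySqlConnection con = new MySqlConnection(connectionString))
    {
        con.Open();

        // Fetch only this user's salt rather than reading every account row into the client.
        using (MySqlCommand saltCmd = new MySqlCommand("SELECT salt FROM mybb_users WHERE username = @username", con))
        {
            saltCmd.Parameters.AddWithValue("@username", user);
            using (MySqlDataReader reader = saltCmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    salt = reader.GetString("salt");
                }
            }
        }

        if (salt == null)
        {
            // Same message as a wrong password, so the dialog does not reveal which names exist.
            MessageBox.Show("Invalid Login please check username and password");
            return;
        }

        string passwordHash = CalculateMD5Hash(CalculateMD5Hash(salt) + CalculateMD5Hash(password));

        // Both values are bound as parameters; the original concatenated them into the SQL
        // text and referenced 'username', which this method never declares ('user' is the
        // name the salt was looked up for).
        using (MySqlCommand loginCmd = new MySqlCommand("SELECT * FROM mybb_users where username=@username AND password=@passwordHash", con))
        {
            loginCmd.Parameters.AddWithValue("@username", user);
            loginCmd.Parameters.AddWithValue("@passwordHash", passwordHash);
            using (MySqlDataReader loginReader = loginCmd.ExecuteReader())
            {
                if (loginReader.Read())
                {
                    // Do what you want after login
                }
                else
                {
                    MessageBox.Show("Invalid Login please check username and password");
                }
            }
        }
    }
}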