MD5 Hash key

[rerbe]

How does OSC create the MD5 Hash Key for the password.

 

I am working with MS Access to edit the databases in OSC (Mainly to add existing customers from another cart).

 

I am having toruble with the passwords.

 

I have downloaded seceral MD5 Hash encryption programs and none of the encrypted passwords work.

 

I have noticed that the passwords created by OSC have a 2 digit number at the end of the main password.

 

Is this the problem? If so what are these for? And how can I implement them.

 

Can anyone advise.

 

Thanks

 

Richard :angry:

[241]

look at catalog/includes/functions/password_funcs.php there you will see how the password is salted with the md5

[rerbe]

Thanks for this. Do you know if their is a piece of software that is capable of encoding the passwords this way??

[ptrinephi]

Thanks for this.  Do you know if their is a piece of software that is capable of encoding the passwords this way??

<{POST_SNAPBACK}>

I'm having the same problem. I'm trying to update the MySQL database customers table from another system using VB.NET and can't figure out how to encode the password. If you find/have a solution please let me know and like wize, if I find a solution I'll let you know.

 

Thanks,

[ptrinephi]

I'm having the same problem.  I'm trying to update the MySQL database customers table from another system using VB.NET and can't figure out how to encode the password.  If you find/have a solution please let me know and like wize, if I find a solution I'll let you know.

 

Thanks,

<{POST_SNAPBACK}>

OK got it. I found the solution from another post. Here's the VB.NET code:

 

' Encrypt customers' password

mySelectQuery = "UPDATE customers SET customers_password = concat_ws( "":"", md5( concat( 'ip', customers_password ) ) , 'ip' ) WHERE customers_id = " + txtID.Text

Dim myCommand2 As New MySqlCommand(mySelectQuery)

myCommand2.Connection = myConnection

myCommand2.ExecuteNonQuery()

 

It seems to work pretty good.

[rerbe]

Thanks for that, but how would I implement this code (how did you do it?)

[ptrinephi]

Thanks for that, but how would I implement this code (how did you do it?)

<{POST_SNAPBACK}>

 

I used this code in VB.NET with the ADO.NET driver for MySQL from ByteFX. You can download the driver on www.mysql.com

 

In the code below, just change txtID.text with the customer_id you want to encode or remove the WHERE clause to encode all passwords in the database. Be careful though because running against the entire database will encode the already encoded passwords.

 

This code assumes that the password is already in the database in clear text and it will encode and replace the clear text password.

 

I've been running this code for a few weeks now it works pretty good.

 

Bottom line: all you need is to execute the SQL statement "UPDATE customers SET customers_password = concat_ws( "":"", md5( concat( 'ip', customers_password ) ) , 'ip' ) WHERE ... " to encode a password and you can execute this SQL statement from any programs including MySQLAdmin.

 

 

Dim OSCConnectString As String = "Database=TheStoreZone;Data Source=localhost;User Id=root;Password="

Dim myConnection As New MySqlConnection(OSCConnectString)

 

myConnection.Open()

 

mySelectQuery = "UPDATE customers SET customers_password = concat_ws( "":"", md5( concat( 'ip', customers_password ) ) , 'ip' ) WHERE customer_id = '" + txtID.Text + "'"

 

Dim myCommand2 As New MySqlCommand(mySelectQuery)

myCommand2.Connection = myConnection

myCommand2.ExecuteNonQuery()

 

myConnection.Close()

[rerbe]

Thanks for that, (still a little confused though I must be dumb)

 

Do you know what I would need to feed into phpmyadmin to be able to sat encode the password of customer_id 142??

 

Sorry to keep asking but I am fairly new to this..

 

Thanks

 

Richard :blink:

[ptrinephi]

Thanks for that, (still a little confused though I must be dumb)

 

Do you know what I would need to feed into phpmyadmin to be able to sat encode the password of customer_id 142??

 

Sorry to keep asking but I am fairly new to this..

 

Thanks

 

Richard  :blink:

<{POST_SNAPBACK}>

 

UPDATE customers SET customers_password = concat_ws( "":"", md5( concat( 'ip', customers_password ) ) , 'ip' ) WHERE customer_id = '142'

[rerbe]

I tried this and received the error

 

Error

 

SQL-query :

 

UPDATE customers SET customers_password = concat_ws( "" : "", md5( concat( 'ip', customers_password ) ) , 'ip' ) WHERE customer_id = '142'

 

#1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ': "", md5( concat( 'ip', customers_password ) ) , 'ip' )

 

I have checked the SQL veriosn and it is 4.0.20-standard will this make any difference??

 

Cheers

:(

[rerbe]

Hi ptrinephi

 

Sorry to hasstle you but do you have any suggestions with the above.

 

Cheers

[ptrinephi]

Hi ptrinephi

 

Sorry to hasstle you but do you have any suggestions with the above.

 

Cheers

<{POST_SNAPBACK}>

 

OK here it is. I copied and pasted the statement from a VB project so there were extra double quotes in it. Try this:

 

UPDATE customers SET customers_password = concat_ws( ":", md5( concat( 'ip', customers_password ) ) , 'ip' ) where customers_id = 100

 

Notice ":" before ,md5

 

Sorry about this.

[rerbe]

Thanks ptrinephi,

 

tried the last code you supplied and it worked a treat!

 

Very very gratefull for the help.

 

You're the man.....