c# - 如何在 C# 中登录 myBB。(散列无法正常工作)
问题描述
我正在尝试登录我论坛上的 mybb 帐户。我需要使用 SQL 数据库进行登录,但密码是散列的。我已经尝试了几乎所有方法,包括对登录密码进行哈希处理,但它就是行不通。
它可以使用常规的非散列密码查找,但不适用于散列密码。
string salt = Global.salt; // get salt from db
string password = textBox2.Text;// get password from user
MD5 md5 = new MD5CryptoServiceProvider();
// Create md5 hash of salt
byte[] saltBytes = Encoding.Default.GetBytes(salt);
byte[] saltHashBytes;
using (Stream saltStream = GenerateStreamFromString(salt))
{
saltHashBytes = md5.ComputeHash(saltStream);
}
string saltHash = System.BitConverter.ToString(saltHashBytes);
// Create your md5(password + md5(salt)) hash
byte[] passwordBytes = Encoding.Default.GetBytes(password + saltHash);
byte[] passwordHashBytes;
using (Stream saltStream = GenerateStreamFromString(salt))
{
passwordHashBytes = md5.ComputeHash(saltStream);
}
string passwordHash = BitConverter.ToString(passwordHashBytes);
MessageBox.Show(passwordHash);
cmd = new MySqlCommand();
con.Open();
cmd.Connection = con;
cmd.CommandText = "SELECT * FROM testfdata_users where username='" + textBox1.Text + "' AND password='" + passwordHash + "'";
dr = cmd.ExecuteReader();
if (dr.Read())
{
MessageBox.Show("Login success ");
}
else
{
MessageBox.Show("Invalid Login please check username and password");
}
con.Close();
这就是我从数据库中获取盐的方式。
MySqlConnection con2 = new MySqlConnection("Server=host.com;Database=baseName;user=username;Pwd=pass;SslMode=none");
MySqlCommand cmd = new MySqlCommand("SELECT * FROM testfdata_users", con2);
con2.Open();
MySqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
Global.salt = reader.GetString("salt");
}
解决方案
我已经弄清楚了问题所在。我将分享我所做的,以便任何有相同问题的人都可以在这里找到它。
首先,您需要创建此方法。
public string CalculateMD5Hash(string input)
{
MD5 md5 = System.Security.Cryptography.MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
byte[] hash = md5.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
sb.Append(hash[i].ToString("x2"));
}
return sb.ToString();
}
接下来,您需要从 SQL 数据库中获取 salt
string salt;
MySqlConnection con2 = new MySqlConnection("Server=hostname;Database=databasename;user=username;Pwd=password;SslMode=none");
MySqlCommand cmd = new MySqlCommand("SELECT * FROM mybb_users", con2);
con2.Open();
MySqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
if (reader.GetString("username") == user) // You can get 'user' from a textbox
salt = reader.GetString("salt");
}
然后,您需要对用户输入的密码进行哈希处理
string passwordHash = CalculateMD5Hash(CalculateMD5Hash(salt) + CalculateMD5Hash(password));
最后,您可以登录
MySqlConnection con = new MySqlConnection("Server=remotemysql.com;Database=fofBv30s0W;user=fofBv30s0W;Pwd=sUFDdE8Tun;SslMode=none");
cmd = new MySqlCommand();
con.Open();
cmd.Connection = con;
cmd.CommandText = "SELECT * FROM mybb_users where username='" + username + "' AND password='" + passwordHash + "'";
dr = cmd.ExecuteReader();
if (dr.Read())
{
// Do what you want after login
}
else
{
MessageBox.Show("Invalid Login please check username and password");
}
con.Close();
代码应该看起来像这样
public string CalculateMD5Hash(string input)
{
MD5 md5 = System.Security.Cryptography.MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
byte[] hash = md5.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
sb.Append(hash[i].ToString("x2"));
}
return sb.ToString();
}
private void button_Click(object sender, EventArgs e)
{
string salt;
string user = txtBx_User.Text;
string password = txtBx_Pass.Text;
MySqlConnection con2 = new MySqlConnection("Server=hostname;Database=databasename;user=username;Pwd=password;SslMode=none");
MySqlCommand cmd = new MySqlCommand("SELECT * FROM mybb_users", con2);
con2.Open();
MySqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
if (reader.GetString("username") == user)
salt = reader.GetString("salt");
}
string passwordHash = CalculateMD5Hash(CalculateMD5Hash(salt) + CalculateMD5Hash(password));
MySqlConnection con = new MySqlConnection("Server=remotemysql.com;Database=fofBv30s0W;user=fofBv30s0W;Pwd=sUFDdE8Tun;SslMode=none");
cmd = new MySqlCommand();
con.Open();
cmd.Connection = con;
cmd.CommandText = "SELECT * FROM mybb_users where username='" + username + "' AND password='" + passwordHash + "'";
dr = cmd.ExecuteReader();
if (dr.Read())
{
// Do what you want after login
}
else
{
MessageBox.Show("Invalid Login please check username and password");
}
con.Close();
}
推荐阅读
- python - 为什么即使我们创建了多个小部件,自定义小部件的绑定也会占据所有焦点?
- ravendb - 在 RavenDB 中按整数列表排序
- java - java将runnable转换为callable
- c++ - 在 OpenCV 中使用 C++ 为 TriangulatePoints 将关键点转换为 cv::Mat
- c# - POST 请求的最佳实践
- c# - 有没有办法从同时输入的多个列表中删除一个项目?
- vb.net - For 循环 继续 For
- c# - 我应该如何使用 C# 8.0 中的可为空选项处理有关泛型的问题?
- reactjs - 如何在反应中将firestore中的整个集合设置为数组?
- python - Anaconda 显示此错误,无法正确训练模型