Author Topic: Problem Checking Password w/database  (Read 434 times)
nsanden
Problem Checking Password w/database
« on: June 08, 2002, 09:28:33 PM »

I'm writing a little script that needs to be able to check the cookied password vs the password that's in the db. The problem is I have no experience with crypt, and I noticed the passwords are obviously encrypted before they go into the database, so how do I decrypt them before checking them vs the cookied password?

I tried $passwrd = crypt($cookiedpassword,substr($cookiedpassword,0,2)); but that doesn't match the password in my database...

Any help would be appreciated!

Thanks,
Nate
Jedi~
Eric
Re:Problem Checking Password w/database
« Reply #1 on: June 08, 2002, 10:22:03 PM »

You can't decrypt passwords if encrypted using crypt(); it's a one-way encryption.
nsanden
Re:Problem Checking Password w/database
« Reply #2 on: June 08, 2002, 10:27:57 PM »

Well, after a further look, I logged into the forums... So it set my cookied username and password.

Then I made a page and echoed the cookied password...

It looked to be encrypted somehow, but it wasn't the same as the encrypted password in the database...

So how do I check the cookied password with the password in the database?????
nsanden
Re:Problem Checking Password w/database
« Reply #3 on: June 08, 2002, 11:48:05 PM »

Okay I know I can't be the only one that ran into this problem, but I did manage to figure it out, so I want to share for those that care....

(Mod/Admin feel free to delete if you think this may jeopardize YaBB security)

First of all, when you log in to your forums, YaBB encrypts whatever you enter in the password field and gives it a seed of the first 2 letters of your password... So say "passwd" is the name of the password text field in the login form.

loginout.php then does $passwd=crypt($passwd,substr($passwd,2,0));

This takes and encrypts your entered password and uses the first 2 characters as the seed.

So now your password is encrypted and compared to the database password.

Then for your cookie, YaBB encrypts it again! This time using $password=crypt($passwd,$pwseed) where $pwseed is "ys". This is declared in subs.php

Since you can't decrypt a password, you have to use your head (as I didn't at first) and do some backwards checking...

Try doing a query of your database to find the password for a certain user, crypt it once with the "ys" seed, and that will equal your cookied password. If they don't equal, then your user isn't logged in, or he doesn't exist. If they do equal then he's verified!
Logged
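
The check described in the last post, written out as an added example (not part of the thread and not YaBB SE's own code). The function names and the in-memory $members array are assumptions standing in for the real members table query; the salt for the stored hash follows the post's description (the first two characters of the password).

```php
<?php
// Added example: checks a YaBB SE-style password cookie against the stored
// hash, following the scheme described in the post above.
// All function and variable names here are hypothetical.

const COOKIE_SEED = 'ys'; // $pwseed value the post says is declared in subs.php

// Hash as stored in the database: crypt() salted with the first two
// characters of the password (per the post's description of loginout.php).
function storedHash(string $password): string
{
    return crypt($password, substr($password, 0, 2));
}

// Cookie value: the stored hash run through crypt() again with the fixed seed.
function cookieValue(string $storedHash): string
{
    return crypt($storedHash, COOKIE_SEED);
}

// Look up the user, re-derive the cookie value from the stored hash and
// compare. Nothing is decrypted; crypt() is one-way.
function cookieIsValid(array $members, string $user, string $cookie): bool
{
    if (!isset($members[$user])) {
        return false; // unknown user
    }
    $expected = cookieValue($members[$user]);
    // hash_equals() compares in constant time, unlike == or strcmp()
    return hash_equals($expected, $cookie);
}

// Constructed sample data standing in for the members table.
$members = ['nate' => storedHash('passwd-example')];
$goodCookie = cookieValue($members['nate']);

var_dump(cookieIsValid($members, 'nate', $goodCookie));      // cookie derived from the stored hash
var_dump(cookieIsValid($members, 'nate', $members['nate'])); // raw DB hash sent as the cookie
var_dump(cookieIsValid($members, 'nobody', $goodCookie));    // user not in the table
```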