vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=287093

how to hash or md5 userid
by movmix
25 Aug 2012 22:07

Hi everyone

what I am trying to do is how can I hash user id such as

http://www.vbulletin.org/forum/member.php?u=219992

i want hash these number or MD5 it


can I ?

kh99 25 Aug 2012 23:56

Do you mean you want to do that everywhere a userid is used in a url? Or just one place?

If you don't mind my asking, why would you want ot do that? I'm asking because if you did hash the userid, I don't know how the code would figure out which user your meant except by starting with 1 and hashing all user ids until one matched, and anyone could do that.

movmix 26 Aug 2012 00:10

Just find it

AcheronAI 26 Aug 2012 00:13

I think it would be easier to add a new field to the user and have unique ids in it, while that would take a bit of coding it would be less work then changing their user id.

kh99 26 Aug 2012 01:49

I know what you mean now, you just want to put something as a parameter that can't be guessed so people can't cheat. You could hash the user id (maybe concatenating it with some "secret" string value), but the only way to get back the userid would be to calculate the has value for each id until you find one that matches. Or you could do something like is mentioned above. You don't have to add a column to the user table, you could make a new table and just use any random value as a id into the table (this is how activation and password changes work, using the useractivation table. Maybe you could figure out a way to use that same table).

Or maybe you just wanted to know the name of the php function? It's md5().

movmix 26 Aug 2012 03:48

Quote:

Originally Posted by kh99 (Post 2360019)
I know what you mean now, you just want to put something as a parameter that can't be guessed so people can't cheat. You could hash the user id (maybe concatenating it with some "secret" string value), but the only way to get back the userid would be to calculate the has value for each id until you find one that matches. Or you could do something like is mentioned above. You don't have to add a column to the user table, you could make a new table and just use any random value as a id into the table (this is how activation and password changes work, using the useractivation table. Maybe you could figure out a way to use that same table).

Or maybe you just wanted to know the name of the php function? It's md5().

OK. Let's say that i want add MD5 with userid like


register.php?referrerid=1&invite=5808409b7ba1463c0d518dca3bb31d0e

See, If I want add the hash how can I ?

AcheronAI 26 Aug 2012 03:59

I would stay away from the hash idea , how are you going to find the correct member? If you check each user that could put a strain on the server if you have a lot of members.

kh99 26 Aug 2012 09:32

Quote:

Originally Posted by movmix (Post 2360038)
OK. Let's say that i want add MD5 with userid like


register.php?referrerid=1&invite=5808409b7ba1463c0d518dca3bb31d0e

See, If I want add the hash how can I ?


Well, you could include the userid and also a hash to check the validity. Is that what you mean? It probably wouldn't be really great security-wise, but it might be good enough for your purpose. You could do something like make a secret phrase that you define in your code, then to produce the "invite" parameter, make a hash of the phrase with the userid, like


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Then when the link is clicked you can do the same thing (because you'll have the userid in the "referrerid" parameter) and compare them.

With this scheme, an uninvited person trying to register won't know how to create the right hash value to look like they were refered by a certain user, but of course once someone knows one of the hash values, it can be used again and again, which is why the other idea of storing a random value in a db table is better.


All times are GMT. The time now is 15:52.

Powered by vBulletin® Version 3.8.14
Copyright © 2021, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.