Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 25 Aug 2012, 22:07
movmix movmix is offline
 
Join Date: Sep 2007
Post how to hash or md5 userid

Hi everyone

what I am trying to do is how can I hash user id such as

http://www.vbulletin.org/forum/member.php?u=219992

i want hash these number or MD5 it


can I ?
Reply With Quote
  #2  
Old 25 Aug 2012, 23:56
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Do you mean you want to do that everywhere a userid is used in a url? Or just one place?

If you don't mind my asking, why would you want ot do that? I'm asking because if you did hash the userid, I don't know how the code would figure out which user your meant except by starting with 1 and hashing all user ids until one matched, and anyone could do that.
Reply With Quote
  #3  
Old 26 Aug 2012, 00:10
movmix movmix is offline
 
Join Date: Sep 2007
Just find it

Last edited by movmix; 26 Aug 2012 at 00:29.
Reply With Quote
  #4  
Old 26 Aug 2012, 00:13
AcheronAI's Avatar
AcheronAI AcheronAI is offline
 
Join Date: Aug 2012
I think it would be easier to add a new field to the user and have unique ids in it, while that would take a bit of coding it would be less work then changing their user id.
Reply With Quote
  #5  
Old 26 Aug 2012, 01:49
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
I know what you mean now, you just want to put something as a parameter that can't be guessed so people can't cheat. You could hash the user id (maybe concatenating it with some "secret" string value), but the only way to get back the userid would be to calculate the has value for each id until you find one that matches. Or you could do something like is mentioned above. You don't have to add a column to the user table, you could make a new table and just use any random value as a id into the table (this is how activation and password changes work, using the useractivation table. Maybe you could figure out a way to use that same table).

Or maybe you just wanted to know the name of the php function? It's md5().
Reply With Quote
  #6  
Old 26 Aug 2012, 03:48
movmix movmix is offline
 
Join Date: Sep 2007
Originally Posted by kh99 View Post
I know what you mean now, you just want to put something as a parameter that can't be guessed so people can't cheat. You could hash the user id (maybe concatenating it with some "secret" string value), but the only way to get back the userid would be to calculate the has value for each id until you find one that matches. Or you could do something like is mentioned above. You don't have to add a column to the user table, you could make a new table and just use any random value as a id into the table (this is how activation and password changes work, using the useractivation table. Maybe you could figure out a way to use that same table).

Or maybe you just wanted to know the name of the php function? It's md5().
OK. Let's say that i want add MD5 with userid like


register.php?referrerid=1&invite=5808409b7ba1463c0d518dca3bb31d0e

See, If I want add the hash how can I ?
Reply With Quote
  #7  
Old 26 Aug 2012, 03:59
AcheronAI's Avatar
AcheronAI AcheronAI is offline
 
Join Date: Aug 2012
I would stay away from the hash idea , how are you going to find the correct member? If you check each user that could put a strain on the server if you have a lot of members.
Reply With Quote
  #8  
Old 26 Aug 2012, 09:32
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Originally Posted by movmix View Post
OK. Let's say that i want add MD5 with userid like


register.php?referrerid=1&invite=5808409b7ba1463c0d518dca3bb31d0e

See, If I want add the hash how can I ?

Well, you could include the userid and also a hash to check the validity. Is that what you mean? It probably wouldn't be really great security-wise, but it might be good enough for your purpose. You could do something like make a secret phrase that you define in your code, then to produce the "invite" parameter, make a hash of the phrase with the userid, like


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Then when the link is clicked you can do the same thing (because you'll have the userid in the "referrerid" parameter) and compare them.

With this scheme, an uninvited person trying to register won't know how to create the right hash value to look like they were refered by a certain user, but of course once someone knows one of the hash values, it can be used again and again, which is why the other idea of storing a random value in a db table is better.

Last edited by kh99; 26 Aug 2012 at 09:40.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 10:33.

Layout Options | Width: Wide Color: