lj_dev: Generating an ECP hash.

Professor Mass (

professormass) wrote in

lj_dev,
@ 2008-06-19 01:13:00

Current mood:	annoyed
Entry tags:	*revisit, client, client: posting, code: perl, code: php

Generating an ECP hash.
(Bumping this up from earlier comments in the hopes of assistance.)

I'm stuck on one issue. I've used the form sent out via comment emails as a basis, but I'm having a hard time generating the ECP hash.

In talklib.pl, the hash is generated like so:


sub ecphash {
my ($itemid, $talkid, $password) = @_;
return "ecph-" . Digest::MD5::md5_hex($itemid . $talkid . $password);
}

In PHP, I'm doing this:


$TalkID = '1010';
$ItemID = '010101';
$Password = 'mypassword';
$ECPHash = md5($ItemID . $TalkID . $Password);

However, the submitted form is rejecting the hash as having the wrong password. Is there some further munging of the password that needs to be done to generate a valid password for hashing? Or is the PHP md5() doing something different than the Perl library?

Now, I know the TalkID and the ItemID aren't the problem, which leaves me with one of two options:

1) The MD5 hashing functions work differently between PHP and Perl (which would be odd).

2) The password being used to generate the hash on LJ's side is not a clear-text password, but rather some sort of encrypted form of the password being pulled from their database

Any clues?

Edited To Add: Thank you,

ciaran_h! Here is the fixed and working code:


	$Journal = 'JournalReceivingReply';
	$Poster = 'UsernameOfReplyingParty';
	$TalkID = '01010';
	$DItemID = '101010';
	$JItemID = intval($DItemID/256);
	$Password = 'apassword';
	$ECPHash = md5($JItemID . $TalkID . $Password);

	echo '
<html>
	<body>
		<form method="post" target="ljreply" action="http://www.livejournal.com/talkpost_do.bml">
			<input type="hidden" name="usertype" value="user" />
			<input type="hidden" name="parenttalkid" value="' . $TalkID . '" />
			<input type="hidden" name="itemid" value="' . $ItemID . '" />
			<input type="hidden" name="journal" value="' . $Journal . '" />
			<input type="hidden" name="userpost" value="' . $Poster . '" />
			<input type="hidden" name="ecphash" value="ecph-' . $ECPHash . '" />
			<input type="hidden" name="encoding" value="windows-1252" />
			<b>Subject:</b> <input name="subject" size="40" value="" />
			<p><b>Message:</b>
			<br />
			<textarea rows="10" cols="50" wrap="soft" name="body"></textarea>
			<br />
			<input type="submit" value="Post Reply" />
		</form>
	</body>
</html>
	';

(Post a new comment)

	thelovebug 2008-06-19 05:33 am UTC (link)
	Doesn't the phrase 'ecph-' need to be prepended to the final hash? (Reply to this) (Thread)

	professormass 2008-06-19 03:03 pm UTC (link)
	I'm doing that in the live code. (Reply to this) (Parent)

	ydna 2008-06-19 05:45 am UTC (link)
	I don't know PHP. Does the PHP md5() return a hex encoded string or a binary value? If the latter, it needs to be converted into hex string. Also, missing the "ecph-" at the head of the result. (Reply to this) (Thread)

	duskwuff 2008-06-19 05:47 am UTC (link)
	PHP's md5 returns a hex string, just like Digest::MD5::md5_hex does. (Reply to this) (Parent)

	professormass 2008-06-19 03:03 pm UTC (link)
	As mentioned above, I'm doing that in the live code. (Reply to this) (Parent)

ciaran_h
2008-06-19 08:47 am UTC (link)

ciaran@neo:~$ php
<? echo md5("md5test"); ?>

82da61aa724b5d149a9c5dc8682c2a45
ciaran@neo:~$
ciaran@neo:~$ perl
use Digest::MD5;
print Digest::MD5::md5_hex("md5test") . "\n";
82da61aa724b5d149a9c5dc8682c2a45
ciaran@neo:~$

Yes, they do the same. :D The "ecph" thing would be what's causing it - you're not prepending "ecph-" to the hash.

Edited at 2008-06-19 08:48 am UTC

(Reply to this) (Thread)

	professormass 2008-06-19 03:04 pm UTC (link)
	Okay, so they do the same...has anybody tried this with the actual data it's supposed to be hashing? My concern is that the 'password' component isn't a clear-text password, but rather, something pre-encrypted and pulled from LJ's database. (Reply to this) (Parent)(Thread)

ciaran_h
2008-06-19 03:33 pm UTC (link)

Actually, the problem here isn't to do with the password, it's to do with the item IDs you're using.

The itemid you want is *not* the ID that's passed in the "itemid" field of the form (which is its ditemid), but instead the jitemid, which can be found as int($ditemid / 256). So for this comment I'm replying to, for example, the entry itemid is 786311, but its jitemid, which is what I need to hash, is int(786311 / 256) = 3071. Has together "307133966my plaintext password here" and you'll get the hash you want.

The parenttalkid is calculated in a similar way - the displayed comment ID here is 8695687, but the ID that you want to pass is int(8695687 / 256) = 33967. However, you're given this figure in the form already, so you don't have to calculate it yourself. [edit: Well, okay, maybe it's that -1 for the comment ID... but I know it's right for the entry ID.]

Edited at 2008-06-19 03:37 pm UTC

(Reply to this) (Parent)(Thread)

	professormass 2008-06-19 04:47 pm UTC (link)
	SUCCESS! Thank you! (Reply to this) (Parent)(Thread)

ciaran_h
2008-06-19 05:23 pm UTC (link)

No problem. I'm glad I could help. :D

(incidentally, if you're interested, the jitemid is sequential and can be used to find out how many posts have been made to the journal in question. For example, your post was the 3071th entry to lj_dev. The ditemid is defined as ($jitemid * 256) + $anum, where $anum is a random number between 0 and 255 generated at the time of posting, and jitemids are numbered starting at 1.)

Edited at 2008-06-19 05:24 pm UTC

(Reply to this) (Parent)

	conymac 2008-08-24 07:23 am UTC (link)
	Hello :) do you know how i can post a new post ? i mean wich form variables i need and how i'm calculating the item IDs in that case ? thanks a lot. (Reply to this) (Thread)

	professormass 2008-08-24 11:06 am UTC (link)
	You shouldn't need to figure out any of that stuff. Just use the XML-RPC interface with the parameters described here: http://www.livejournal.com/doc/server/ljp.csp.flat.postevent.html Many languages have XML-RPC interfaces. PHP's, for example, is described here: http://ca.php.net/manual/en/ref.xmlrpc.php (Reply to this) (Parent)

Username:		Create an Account Forgot your login or password? Login w/ OpenID
Password:
	Remember Me
	English • Español • Deutsch • Русский…

About

Help

Get Involved

Legal

Store

LJ Labs