VB6 PRO DOCS

English

中文

English

中文

Appearance

VBMAN.Password - Password Processing Object

Overview

VBMAN.Password provides password hash creation and verification functionality, using MD5 and other hash algorithms, supporting custom salt values.

Core Features

  • Password Hash: Generate password hash using MD5 algorithm
  • Salt Support: Support custom salt values to enhance security
  • Algorithm Selection: Support multiple hash algorithms (via Algorithm property)
  • Encoding Selection: Support different character encodings

Properties

PropertyTypeDescription
LastErrorStringLast error message (read-only)
AlgorithmCryptoHashAlgorithmHash algorithm (default MD5)
SaltStringSalt value (default empty string)
EncodingCryptoStringEncodingCharacter encoding (default UTF-8)

Methods

Create

Create password hash

vb
Public Function Create(ByVal Password As String, Optional ByRef Salt As Variant) As String

Parameters:

  • Password - Plain text password
  • Salt - Salt value (optional, default uses Salt property)

Returns: Hexadecimal hash string, returns empty string on failure

Example:

vb
' Basic usage
Dim hash As String
hash = VBMAN.Password.Create("mypassword")
Debug.Print hash  ' MD5 hash value

' Set salt via property
VBMAN.Password.Salt = "mysalt"
hash = VBMAN.Password.Create("mypassword")

' Pass salt via parameter
hash = VBMAN.Password.Create("mypassword", "mysalt")

Verify

Verify password

vb
Public Function Verify(ByVal Password As String, ByVal Hash As String) As Boolean

Parameters:

  • Password - Plain text password
  • Hash - Stored hash value

Returns: True=verification passed, False=verification failed

Example:

vb
' Verify password
Dim isValid As Boolean
isValid = VBMAN.Password.Verify("mypassword", storedHash)

If isValid Then
    MsgBox "Password correct"
Else
    MsgBox "Password error: " & VBMAN.Password.LastError
End If

Comprehensive Examples

Example 1: User Registration (Create Password)

vb
Private Sub RegisterUser(username As String, password As String)
    ' Generate random salt (optional)
    Dim salt As String
    salt = VBMAN.ToolsStr.GetGUID()  ' Use GUID as salt
    VBMAN.Password.Salt = salt
    
    ' Create password hash
    Dim passwordHash As String
    passwordHash = VBMAN.Password.Create(password)
    
    If passwordHash = "" Then
        MsgBox "Password processing failed: " & VBMAN.Password.LastError
        Exit Sub
    End If
    
    ' Store to database (store hash and salt together)
    VBMAN.Db.Sql("INSERT INTO users (username, password_hash, salt) VALUES (?, ?, ?)"). _
        Param("username", username). _
        Param("password_hash", passwordHash). _
        Param("salt", salt). _
        ExecParam
    
    MsgBox "Registration successful!"
End Sub

Example 2: User Login (Verify Password)

vb
Private Sub LoginUser(username As String, password As String)
    ' Query user info
    VBMAN.Db.Sql("SELECT * FROM users WHERE username=?").Param("username", username).FetchParam
    
    If VBMAN.Db.Row.Count = 0 Then
        MsgBox "User does not exist"
        Exit Sub
    End If
    
    ' Get stored hash and salt
    Dim storedHash As String
    Dim salt As String
    storedHash = VBMAN.Db.Row("password_hash")
    salt = VBMAN.Db.Row("salt")
    
    ' Set salt and verify
    VBMAN.Password.Salt = salt
    Dim isValid As Boolean
    isValid = VBMAN.Password.Verify(password, storedHash)
    
    If isValid Then
        MsgBox "Login successful!"
        ' Execute post-login operations...
    Else
        MsgBox "Password error"
    End If
End Sub

Example 3: Change Password

vb
Private Sub ChangePassword(userId As Long, oldPassword As String, newPassword As String)
    ' Verify old password
    VBMAN.Db.Sql("SELECT password_hash, salt FROM users WHERE id=?").Param("id", userId).FetchParam
    
    VBMAN.Password.Salt = VBMAN.Db.Row("salt")
    
    If Not VBMAN.Password.Verify(oldPassword, VBMAN.Db.Row("password_hash")) Then
        MsgBox "Old password error"
        Exit Sub
    End If
    
    ' Generate new salt and new hash
    Dim newSalt As String
    newSalt = VBMAN.ToolsStr.GetGUID()
    VBMAN.Password.Salt = newSalt
    
    Dim newHash As String
    newHash = VBMAN.Password.Create(newPassword)
    
    ' Update database
    VBMAN.Db.Sql("UPDATE users SET password_hash=?, salt=? WHERE id=?"). _
        Param("password_hash", newHash). _
        Param("salt", newSalt). _
        Param("id", userId). _
        ExecParam
    
    MsgBox "Password changed successfully!"
End Sub

Best Practices

  1. Use Salt: Always use salt to enhance security, each user uses different salt
  2. Store Salt: Salt needs to be stored together with hash for verification
  3. Password Complexity: Recommend verifying password complexity on frontend (length, character types, etc.)
  4. Algorithm Selection: Choose appropriate hash algorithm based on security requirements
  5. Error Handling: Check LastError for detailed error information

Notes

  • Default uses MD5 algorithm, can switch to other algorithms for higher security requirements
  • Salt is an important security measure, don't use the same fixed salt
  • Password hash is one-way, cannot restore original password from hash

VB6 and LOGO copyright of Microsoft Corporation

VBMAN copyright © 2019-2026 woeoio