I had written web applications outside of vBulletin which were using vb's user table to log into them.

It worked great when my vB was 2.2.5 but after updating to 3.5.4 my web app (which does an md5($password) to check against the stored password in the user table) stopped working.

My question is: how are passwords encrypted now? I need to update my external login component to check the correct passwords (right now it always returns "password incorrect").

Thanks!!

IIRC vb 3.x.x does a double MD5 like this:

$md5ed_pwd = md5( md5( $password_from_loginform ) . $vbulletin->userinfo['salt'] );

You then check the $md5ed_pwd against the hash stored in the DB.

excellent thanks Hellcat!

I'm running your page compressor plug-in BTW, saving 10-15% bandwidth. Thanks for that (i'd up your positive rep power if this board allowed that) :)

... off to get my we apps to work again :)

MMhh what is:

$vbulletin->userinfo['salt']

?

I am doing my own login form, password rejection, etc. I am not even "inside" vB so all the variables are gone.

Thanks :)

About the salt:
You can get that value from the "salt" column of the "user" table.
Just include it in your SELECT statement when getting the password hash.

You ROCK Hellcat!

All my apps work now!

One of them (User Reviews of music gear)
http://www.futureproducers.com/userreviews.php

... don't mind the "looks" right now... Transition phase ;)

:)
Glad I could help.