View plain text vbulletin passwords.
Loget
10-27-2008, 08:26 AM
Does anyone know how to do this? I need this to detect multiple accounts. I want the password sent to a .txt file every time a user logs in.
If anybody can help that would be great!
snakes1100
10-27-2008, 08:28 AM
Not possible, there is a hack in the mods section that uses cookies to detect multies, do a search for it.
Loget
10-27-2008, 08:31 AM
I'm pretty sure it's possible since anyone can edit the code on the vbulletin files....
snakes1100
10-27-2008, 09:12 AM
OK, well edit away, vBulletin uses this, good luck.
$hash = md5(md5($password) . $salt);
Dismounted
10-27-2008, 11:22 AM
The only way to "crack" a vBulletin password hash is to brute force it. And that will take a long, long time. Rainbow tables won't work as a random salt (unique to each user) is added.
Videx
10-28-2008, 01:47 AM
How the heck would knowing someone's password enable you to detect multiple logins anyway? You mean for the people that are stupid enough to use the same password?
The mod you want is Multiple account login detector (AE Detector) (https://vborg.vbsupport.ru/showthread.php?t=183268) .
punchbowl
01-10-2009, 02:07 PM
If I get the md5 password and salt through mysql how can I return a plaintext password?
edit: impossible apparently
Rene Kriest
01-10-2009, 04:03 PM
How the heck would knowing someone's password enable you to detect multiple logins anyway? You mean for the people that are stupid enough to use the same password?
The mod you want is Multiple account login detector (AE Detector) (https://vborg.vbsupport.ru/showthread.php?t=183268) .
Dude, it is simple as it is: spammers need to take care of their PWs and believe that they are hidden from moderators and maybe admins. Cookies can be deleted anyway, IP changed as well - but change 10+ PWs?
I worked for a very large forum and the moment we accidentally had access to the plain PWs we had the ability to boot a large stack of forum spammers and idiots.
AE detector is useful, but only if someone keeps his cookies, and that depends more on a wish than on a really reliable forensic method.
And last but not least: you always have to take more than one aspect into consideration. Cookie detection is one thing, identical PW another. The more pieces you get together the better. I wouldn't rely solely on AE detector and on PW alone - but together they rock.
Bellardia
01-10-2009, 05:27 PM
A password is even easier to abuse than a cookie.
The spammer only needs one per account, and rarely has to log in more than once, thus it could create a totally random PW and it wouldn't make a difference.
If you really insist on doing this you could add an extra hidden field in the login form, on form submit (this.value=getElementsById(vb_login_password).value). Then modify the login page to store that field.
I won't really help you further because it's not a good idea. You're willing to jeopardize your site's security to try and find spammers that use the same password. Might as well just allow the 'random' salt to be a fixed value so the same passwords have the same hash.
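Added example (not part of any post in this thread, and not vBulletin's own code): the scheme quoted above, md5(md5($password) . $salt), run over a constructed user table to show the two points made in the thread. With a random per-user salt, accounts sharing a password store different hashes, so matching on the hash column finds nothing; with a fixed salt the same password gives the same hash on every account. The helper names, salt length, usernames and password are assumptions made for the illustration.

```php
<?php
// The hashing scheme quoted in the thread.
function vb_hash(string $password, string $salt): string
{
    return md5(md5($password) . $salt);
}

// Hypothetical helper: random per-user salt (length chosen for this example).
function new_salt(int $bytes = 8): string
{
    return bin2hex(random_bytes($bytes));
}

// Login check: recompute with the stored salt, compare in constant time.
function verify(string $attempt, array $row): bool
{
    return hash_equals($row['password'], vb_hash($attempt, $row['salt']));
}

// Build a constructed user table in which every account has the same password.
// Passing $fixedSalt models the "fixed salt" setup warned against above.
function make_users(array $names, string $password, ?string $fixedSalt = null): array
{
    $rows = [];
    foreach ($names as $name) {
        $salt = $fixedSalt ?? new_salt();
        $rows[$name] = ['salt' => $salt, 'password' => vb_hash($password, $salt)];
    }
    return $rows;
}

// Group usernames by stored hash and keep only groups of two or more.
function same_hash_groups(array $rows): array
{
    $groups = [];
    foreach ($rows as $name => $row) {
        $groups[$row['password']][] = $name;
    }
    return array_values(array_filter($groups, fn($g) => count($g) > 1));
}

$names  = ['alice', 'bob', 'carol'];                      // constructed accounts
$salted = make_users($names, 'hunter2');                  // per-user random salt
$fixed  = make_users($names, 'hunter2', 'constant-salt'); // one salt for everyone

var_dump(verify('hunter2', $salted['alice']));  // login against stored salt + hash
print_r(same_hash_groups($salted));             // hash matches under random salts
print_r(same_hash_groups($fixed));              // hash matches under a fixed salt
```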
Dismounted
01-11-2009, 04:46 AM
If I get the md5 password and salt through mysql how can I return a plaintext password?
edit: impossible apparently
One of the joys of MD5/SHA/Whirlpool/etc. is that they are one-way hashes. :)
Adrian Schneider
01-11-2009, 04:52 AM
If you did have passwords (or say - the password of one user), you could easily pull up user accounts that have the same password. That doesn't necessarily mean it's their account though.