I'm converting from phpBB to vBulletin, and I need a hack that allows vBulletin to use MD5 passwords. Does such a thing exist? If this has been covered, I'm sorry for the repetition, but I am unable to find anything by searching.

Thanks in advance for your help!

Version 2.2.0 uses MD5() passwords so you would jusy copy the passwords over as is.

Really? Well don't I feel silly :)

the import script told me I needed a hack, so I didn't even try just copying them over. Thanks a million!

Wait a sec.. I just realized, you said version 2.2.0 uses Md5? I thought 2.0.3 was the latest version? Where can I find 2.2.0?

EDIT: So if 2.2.0 isn't released yet... can someone tell me where I can find an MD5 hack for 2.0.3?

Use the search feature and search the releases forum. I'd wait if I were you though, vB 2.2.0's release is immenant.

2.2.0 includes MD5 passwords? Will there be an option to disable this?

Originally posted by J. Hung
2.2.0 includes MD5 passwords? Will there be an option to disable this?

I doubt it. Why would you want to disable it?

I use the vBulletin account to update the web e-mail accounts. I set up a cron task to update the passwords to all of the e-mail accounts in correspondence to the vBulletin.

For example, if I changed my password, in about 5-10 minutes, the cron task would update the password under my e-mail server--and new bulletin board accounts under the inner circle group would have e-mail accounts created.

Please do allow an option for the older system--otherwise, I won't upgrade--or at least make a hack!

--Jason

I suppose I could have it create the account or change it when the password is changed. So when a user's group is changed, have it create account if group is "8"? Or when user changes password call a "system()"? And when user creates account, have it do a system()?

There won't be an option to disable the usage of md5(). Also if you have already md5()'s your passwords you will want to make sure to modify the upgrade script so you don't end up with double md5()'d passwords.

Just wanted to say that I found the MD5 hack, and it works great. Thanks guys :)

How will this addition/modification effect sites integrated with vBulletin? Example: I have a site that checks for the bbuserid/bbpassword cookies and, if they are not detected, prompts them to login if they want to add any comments...will this change effect any such work?

You'll just have to make all checks on the password take encryption into account. For example, on my site, I added a bit to check if their password is encrypted or not, and if it is, encrypt the password they give you and check it against the DB. If not, just compare them like you would normally.

So, rather than "if ($bbuserid) == whatever", I'd have to try "if (md5($bbuserid) == whatever"? Or something like that? I guess that, if I'm just checking for the existence of the cookie, it should still be good?

if(user[usesencryption])
{
if(md5(inputpass) == user[pass])
// you're in
}
else(//they don't use password encrytpion)
{
if(inputpass == user[pass])
//you are in
}

Uh, you mean there's some option in their User CP to allow them to have their password encrypted or not?

it would be better if there wasn't a option.. i hate it when ppl look at my password

No no, that's not what I mean: the code you posted implied that, at times, the password won't be encrypted.

With the hack/2.0.3 it won't be encrypted at times. With 2.2.0 it'll always be encrypted.

oh ok i see now