View Full Version : Hacking User Database
ManagerJosh
08-05-2005, 01:41 AM
Okay, I'm trying to hack the user database in 3.5 to redistribute and update appropiate user information (ie. password, username, email, etc.)
Everything's changed so much, I don't know where to start. The information needs to goto a completely different database, with a totally different SQL username/password combination....Oh also, it's using the traditional MD5 password hash :ermm:
So...where do I start? :D
Andreas
08-05-2005, 01:43 AM
Hook userdata_postsave
ManagerJosh
08-05-2005, 01:46 AM
Hook userdata_postsave
Care to elaborate a bit more? :D
Andreas
08-05-2005, 01:50 AM
This is a Hook in the User Datamanager, which is being called whenever smth. was saved to the user Table through the Datamanager.
You can access the fields you need with
$this->fetch_field('fielname');
Then process them as you need.
ManagerJosh
08-05-2005, 04:58 AM
This is a Hook in the User Datamanager, which is being called whenever smth. was saved to the user Table through the Datamanager.
You can access the fields you need with
$this->fetch_field('fielname');
Then process them as you need.
Okay, but that only puts me in a spot to limit data within the same database. How do I go about distributing it to a totally different database?
Marco van Herwaarden
08-05-2005, 07:07 AM
Whatever solution you will choose, the password will be impossible.
ManagerJosh
08-05-2005, 08:46 AM
Whatever solution you will choose, the password will be impossible.
Nothing is impossible Marco :p I thought it would be originally in the 3.0, but I was able to find a solution around it. It's a matter of finding a solution in 3.5.x
Marco van Herwaarden
08-05-2005, 02:36 PM
Ok, let me rephrase that: "The password is impossible without reducing your security significant"
Andreas
08-05-2005, 02:57 PM
Marco is right, you can't catch the Plaintext Password without reducing security significantly.
To store Data in another Database, just connect to it using the PHP mySQL Interface.
ManagerJosh
08-08-2005, 08:05 AM
meah...i'm not the best of codehackers Kirby. Care to give me a lil lesson on how to hack 3.5 :p :D. I suck at abstract queries.
Boofo
08-08-2005, 08:48 AM
Whatever solution you will choose, the password will be impossible.
What if you grab it before they hash it?
Marco van Herwaarden
08-08-2005, 11:28 AM
What if you grab it before they hash it?That would make it less secure. If i remember correct it is already hashed when it is send from client to server.
ManagerJosh
08-10-2005, 05:22 AM
That would make it less secure. If i remember correct it is already hashed when it is send from client to server.
But the passwords are dual hashed. I just get the original md5 hashed password and it works fine.
Anyhow, Marco, when you do pop into vBfans, mind walking me through here? I'm a bit oblivious to 3.5 codehacking currently...
vBulletin® v3.8.12 by vBS, Copyright ©2000-2025, vBulletin Solutions Inc.