Can anyone give me some sample code & variables to start off with to hack up one of the Data APIs so I can distribute usernames/passwords/emails and any other misc. data :)

No, that can not be done without reducing the vB security level to an unacceptable level (in my opinion).

No, that can not be done without reducing the vB security level to an unacceptable level (in my opinion).

So how are we to distribute username/password information? Mind you password is already encoded... :/

Maybe you should explain a bit more what you want to do.

During the registration process, submit usernames/passwords/emails to another database :)

Bug me more over IRC :p

Another vB database?

You can store the eMail and Username wherever you want.
The Password however never does reach your Server.

if you play with the register.php file, you can create a sql query BEFORE the password is encoded to push the data in another dB, or send them by email, but why would you play with such a security risk ?!

No you can't.
As said, the plaintext password never reaches the Server.

PAssword already get's hashed on the client (javascript), and like kirby say it would be a huge security risk not to do so.

The only way that MIGHT be possible is to create teh user on the second system with the same salt, but not even sure it would work then.

You can create as many users with the same password and different salts as you like :)

Yes but since the client will only sent the hashed password with the salt to the server, you will need to use the same salt on the second database, if you want the hashed passwords to match.

No you can't.
As said, the plaintext password never reaches the Server.
simple, edit the javascript to send another version of the un-hashed password...

you always can modify everything to your wills... you just need to know why you do it and know the risks of doing so...

We already said ti could be done, but only by lowering the security level vB is offering.

@nexialy
Yes, this is possible ... however you only spoke about register.php.
Anyway, it's not recommended

@nexialy
Yes, this is possible ... however you only spoke about register.php.
Anyway, it's not recommended

I don't want a plaintext password to be pushed around. That's too much of a security risk I'm willing to accept. I'm just wanting to push a MD5 password around.

I know vBulletin created the MD5 clientside as well as the our current Hashing for vB3.x.