vb.org Archive
Page 2 of 4 1 2 34
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.5 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=113)
-   -   [SMF] Imported User Password Hack (https://vborg.vbsupport.ru/showthread.php?t=97243)

Floris 10-04-2005 10:23 AM
Quote:
Originally Posted by Loukrhtia
I just WISH there was something like this when I imported SMF...
I lost a bunch of active members because of the reset... :(
Sorry, the 'turn back time' plugin for 3.5 isn't made yet. (50% done)

Floris 10-04-2005 10:24 AM
Quote:
Originally Posted by San
I have installed this modification correctly in 3.5 stable but it does not work :(

why?
We have of course NO clue.

What exactly does not work, can't they login? Do you get an error - more information is as usual 'very handy'.

San 10-04-2005 10:50 AM
Quote:
Originally Posted by Floris
We have of course NO clue.

What exactly does not work, can't they login? Do you get an error - more information is as usual 'very handy'.
You have entered an invalid username or password. Please press the back button, enter the correct details and try again. Don't forget that the password is case sensitive. Forgotten your password? Click here!

You have used 1 out of 5 login attempts. After all 5 have been used, you will be unable to login for 15 minutes.

I do not get any code's error but simply the forum does not recognize SMF imported password :(

DianaBlu 10-05-2005 10:33 AM
Hello;)
Same problem,as described above...
I did SMF import,installed (correctly) required hack,but passwords are not recognized and I do not get any specific error... :o
Any suggestion/fix available?

Thanks,have a good day

muf 10-26-2005 05:19 PM
I am extremely sorry, but I cannot seem to reproduce your issues. I just went through all the steps on my newly upgraded 3.5.0 stable vBulletin, and I can successfully login SMF users. The only thing I can think of is your SMF forum might have been imported incorrectly.

Krisekocm 11-18-2005 03:12 PM
3.5.1

not working :)

thx any way

mox- 11-21-2005 12:25 AM
I recently purchased vbulletin and I was a bit disappointed that my users would have to reset their passwords to login to the "new" forum

I'm really happy with this hack.. I just tried it and it's working perfectly !

I just upgraded from SMF 1.0.5 to vBulletin 3.5.1

THANK YOU SOOO MUCH !

Jerry 11-21-2005 04:19 PM
Quote:
Originally Posted by muf
vBulletin impex hashes all imported passwords with salt; md5(old_password . salt).
That is wrong, ImpEx, will only hash passwords that way if they are already md5(), if they are plain text then it goes md5(md5($password) . salt). So it depends on the source system, SMF can't be imported by default.

ImpEx's primary goal is to protect the database, not to force in passwords that break the schema and code and can be easily reset.

I explain how easy it is to reset the passwords here :

http://www.vbulletin.com/docs/html/impex_passwords

Also making users update passwords is more secure as people rarely rotate them.

muf 11-28-2005 01:39 PM
Quote:
Originally Posted by Jerry
That is wrong, ImpEx, will only hash passwords that way if they are already md5(), if they are plain text then it goes md5(md5($password) . salt). So it depends on the source system, SMF can't be imported by default.
That would seem logical, however I did not know/expect that there actually are versions of forum software that store the password in plaintext. And SMF can most certainly be imported by default, I've used impex to convert from SMF 1.0 -> vB 3.0.8, and then used the upgrade system to go from vB 3.0.8 to 3.5 (first RC2, then Gold).
Quote:
Originally Posted by Jerry
Also making users update passwords is more secure as people rarely rotate them.
I'm sorry, but that is nonsense. md5(md5(password) . salt) is just as secure as md5(md5_hmac(password, username) . salt). Algorithmically there is nothing less secure about HMAC than MD5, HMAC is arguably more secure because it uses a more complex algorithm. I know compatibility-wise resetting passwords is the recommended action from Jelsoft, but at least stick with the truth and don't say it's "more secure", because it isn't. If you ask users to reset their passwords 99.9% will reset it to their old password, so the only difference will be the way it is stored in the database.

Floris 11-28-2005 01:47 PM
Quote:
Originally Posted by muf
That would seem logical, however I did not know/expect that there actually are versions of forum software that store the password in plaintext. And SMF can most certainly be imported by default, I've used impex to convert from SMF 1.0 -> vB 3.0.8, and then used the upgrade system to go from vB 3.0.8 to 3.5 (first RC2, then Gold).

I'm sorry, but that is nonsense. md5(md5(password) . salt) is just as secure as md5(md5_hmac(password, username) . salt). Algorithmically there is nothing less secure about HMAC than MD5, HMAC is arguably more secure because it uses a more complex algorithm. I know compatibility-wise resetting passwords is the recommended action from Jelsoft, but at least stick with the truth and don't say it's "more secure", because it isn't. If you ask users to reset their passwords 99.9% will reset it to their old password, so the only difference will be the way it is stored in the database.
He means it doesn't hurt to have users change their password anyway, despite the layer of security, passwords should be rotated more frequently to avoid abuse.


All times are GMT. The time now is 08:30 AM.
Page 2 of 4 1 2 34
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01141 seconds
  • Memory Usage 1,746KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (7)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete