vb.org Archive - Password to an unhashed table

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)

- - Password to an unhashed table (https://vborg.vbsupport.ru/showthread.php?t=199277)

Exernon

12-19-2008 01:38 PM

Password to an unhashed table

Is it possible to place the exact value of the password given during registration to an unhashed column in a different table?

How to do it?

This code still gives the md5 encryption.

PHP Code:


		
			
$vbulletin->db->query_write("INSERT INTO custom_table (uid, acct_pass) VALUES (".$db->escape_string($new_uid).", '".$db->escape_string($userinfo['password'])."');

How can I store the plain password (upon registration) to a custom table so I can call the original password anytime?

Dismounted

12-20-2008 02:40 AM

You can't. As long as the user has JS enabled, a password is already MD5-hashed as it reaches the server.

In any case, why would you need a user's password and compromise the safety of your board?

Exernon

12-20-2008 05:35 AM

I need this so I can integrate my forums with my server application.

My server application uses Sha-1 encryption- if my users register in the forum, their data would be stored on another table of the same database (same with the forum's). Already done this, but the problem is on the password. Since these 2 use different encryption, isn't there anyway I can do this?

Dismounted

12-20-2008 05:38 AM

You could hack vBulletin so that it uses an SHA hash - that shouldn't be an issue.

Exernon

12-20-2008 05:48 AM

Other than this, I assume there are no other ways around it?

--------------- Added [DATE]1229760950[/DATE] at [TIME]1229760950[/TIME] ---------------

I saw this.

Quote:

Originally Posted by Marco van Herwaarden (Post 1285016)

Although not advised from a security POV, you can set 'DISABLE_PASSWORD_CLEARING' to true in your config.php, and the passwords will be passed to the server unencrypted.

But I can't seem to find it in my config.php (3.7.4).

Dismounted

12-20-2008 09:17 AM

It is not in there because it is strong not recommended to do so. You can add it yourself - but again, it is strong not recommended to do so.

Exernon

12-20-2008 10:22 AM

How about this:
https://vborg.vbsupport.ru/showthread.php?t=137188

How can I apply this hack to registration instead of login?

Marco van Herwaarden

12-21-2008 09:56 AM

1 Attachment(s)

It would be much more secure if you simply also provided the SHA1 password and store that.

You could use the attached JS-file for this.

All times are GMT. The time now is 03:49 AM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.02927 seconds Memory Usage 1,725KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_php_printable (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (8)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: