![]() |
Hi,
I'm using vBulletin in an intranet, where we already have several applications all with SSO (single sign-on) based on unix login/passwd like CVS, Bugzilla... I wrote a script to synchronize my database into vBulletin. As I'm a Unix user, I have only access to the crypt password, not the plain password, so I populated the field password into the table user with the crypted passwd (second field of the yellow pages map). Then I looked into hacking vBulletin to support crypted passwords. I only had to change ONE line: diff -r1.1 member.php 47c47 < if ($user[password]!=$password) { // check password --- > if ($user[password]!=crypt($password,substr($user['password'],0,2))) { // check password it seems to work, but I'm a bit concerned: it's too simple. I've surely missed something :mad: but what :confused: ? Thanks, |
Yes it does seem a bit too simple.
You should take a look at the Admin CP login routine, as well as the 'forgotten password' feature. I guess register and change profile would be an issue as well if you plan to use those. |
You must look at this hack first
http://vbulletin.com/forum/showthrea...threadid=18868 and customise it to use your encryption scheme. |
Hi gedescamps,
I had a similar problem using MD5. Only when I couldn't log into my CP did I realise there were more changes... :D There are 3 files to change: member.php (lost password, logon, etc.) register.php (initial registration) admin/sessions.php (for passwords into CP) Also see: http://www.vbulletin.com/forum/showt...threadid=23957 (A hack I released covering MD5 encrypted passwords) |
Good, it seems that it is that simple...
vBulletin is a slave of the Unix login/passwd 1) registration is disabled. 2) no simple way to get clear-text password (of course, there is always crack...) I modified the mail template to tell users to use their usual Unix login/passwd, or go see a Sysadmin if they forgot it. 3) Everynight a script synchronize Unix (Yellow pages) on vBulletin. I left the special account for administering vBulletin with its clear-text password (Argh !) Thanks for vBulletin. Looks great ! I'm about to see how my 220 users are going to react to it. PS: I realized that there was no standard place for the full name. (first name, middle initial, last name) Will it be possible to have this in the next version ? |
Quote:
|
All times are GMT. The time now is 12:35 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
![]() |
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|