vB 3.6.0 password question

[Ninth Dimension]

Hello one and all, I'm in the process of adapting an existing site of mine to use data from the vB database, specifically the username and password.

On my existing site, I'm using a simple md5() to encode the password in the database, but it would appear that vB 3.6.0 uses a diffrent method. Can anyone tell me what this is, so I can adapt my existing script to do the same thing.

I would assume it has something to do with the passworddate field in the vb_user table, but I'm not sure.

Any help you can provide would be most helpful, thank you

UPDATE: It's OK, I think I've found out how to do it: https://vborg.vbsupport.ru/showpost....6&postcount=32

[DWard]

No that's not right, I've just done some looking into this because I wanted to make a quick vblogin script...OK,

When you make a login script, you query the password from the row that belongs to that user right? OK, on the same row, you will find a cell called 'salt', which holds a random peice of junk. You need to use that salt cell along with the MD5 encryption of the entered password to make the same as what's in the database.

You almost have it right on that thread, but you are just putting 'salt' as a normal piece of text when it is actually a variable that you need to gather from the user records.

Don't just copy the whole lot, this is just an extract of the script I used, but you can see what I am doing

PHP Code:

$result = mysql_query("SELECT password, salt FROM `".$db_prefix."user` WHERE `username` = '".$_POST['username']."'");
$salt = mysql_result($result, 0, salt);
$passwd = $_POST['password'];

// Then when encrypting, you'd use this to check against the user.password cell:
$enc_passwd = md5(md5($passwd).$salt); 


Got it?

[Ninth Dimension]

I realised that salt didn't just mean 'salt', I saw the salt field in the database a while ago, and was always interested to find out what it was - now I know

I've had my site converted to my new system for a while now, but thank you for the help anyway