Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
  #1  
Old 12-19-2008, 01:38 PM
Exernon Exernon is offline
 
Join Date: Oct 2004
Location: 127.0.0.1
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Password to an unhashed table

Is it possible to place the exact value of the password given during registration to an unhashed column in a different table?

How to do it?

This code still gives the md5 encryption.
PHP Code:
$vbulletin->db->query_write("INSERT INTO custom_table (uid, acct_pass) VALUES (".$db->escape_string($new_uid).", '".$db->escape_string($userinfo['password'])."'); 
How can I store the plain password (upon registration) to a custom table so I can call the original password anytime?
Reply With Quote
  #2  
Old 12-20-2008, 02:40 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can't. As long as the user has JS enabled, a password is already MD5-hashed as it reaches the server.

In any case, why would you need a user's password and compromise the safety of your board?
Reply With Quote
  #3  
Old 12-20-2008, 05:35 AM
Exernon Exernon is offline
 
Join Date: Oct 2004
Location: 127.0.0.1
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I need this so I can integrate my forums with my server application.

My server application uses Sha-1 encryption- if my users register in the forum, their data would be stored on another table of the same database (same with the forum's). Already done this, but the problem is on the password. Since these 2 use different encryption, isn't there anyway I can do this?
Reply With Quote
  #4  
Old 12-20-2008, 05:38 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You could hack vBulletin so that it uses an SHA hash - that shouldn't be an issue.
Reply With Quote
  #5  
Old 12-20-2008, 05:48 AM
Exernon Exernon is offline
 
Join Date: Oct 2004
Location: 127.0.0.1
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Other than this, I assume there are no other ways around it?

--------------- Added [DATE]1229760950[/DATE] at [TIME]1229760950[/TIME] ---------------

I saw this.

Quote:
Originally Posted by Marco van Herwaarden View Post
Although not advised from a security POV, you can set 'DISABLE_PASSWORD_CLEARING' to true in your config.php, and the passwords will be passed to the server unencrypted.
But I can't seem to find it in my config.php (3.7.4).
Reply With Quote
  #6  
Old 12-20-2008, 09:17 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It is not in there because it is strong not recommended to do so. You can add it yourself - but again, it is strong not recommended to do so.
Reply With Quote
  #7  
Old 12-20-2008, 10:22 AM
Exernon Exernon is offline
 
Join Date: Oct 2004
Location: 127.0.0.1
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

How about this:
https://vborg.vbsupport.ru/showthread.php?t=137188

How can I apply this hack to registration instead of login?
Reply With Quote
  #8  
Old 12-21-2008, 09:56 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It would be much more secure if you simply also provided the SHA1 password and store that.

You could use the attached JS-file for this.
Attached Files
File Type: zip mh_sha1.zip (2.4 KB, 2 views)
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:41 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08377 seconds
  • Memory Usage 2,246KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (1)postbit_attachment
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_attachment
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete