Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 03-05-2008, 10:37 PM
DHDesign DHDesign is offline
 
Join Date: Sep 2007
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default non-VB using VB - password change

we have an intranet system we've built and it utilizes vBulletin's login system and so forth...everything works like a charm so far.

question is: there is a My Profile section that users will use to change their password...we dont want to use vBulletin's password change page, cause we have our own design.

(the admin initially sets up the user with a temporary password as the site does not allow new registrations or outside access...we know who everyone is)

will it work to simply update the vb_user table as such when they go to the My Profile section:

Code:
$newpass = $_POST['newpass'];
$currentpassword = mysql_query("SELECT passworddate, salt FROM vb_user WHERE userid = '$userid' LIMIT 1");
$current_pass = mysql_fetch_array($currentpassword);
$vbsalt = $current_pass['salt'];
$pass_hash = md5(md5($newpass) . $vbsalt);
$passdate = date('Y-m-d');
$updatepassword = mysql_query("UPDATE vb_user SET password = '$pass_hash', passworddate = '$passdate' WHERE userid = '$userid'");
i implemented this and it worked, BUT, now i have users trying to log in a couple of days later and now all of a sudden, they cant...so the admin needs to reset the password and they can get back in again.

so is something wrong with how we are changing the password?
Reply With Quote
  #2  
Old 03-06-2008, 12:50 AM
WhaLberg's Avatar
WhaLberg WhaLberg is offline
 
Join Date: Nov 2006
Location: Dersaadet
Posts: 569
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I had faced that problem once. Try it as:
PHP Code:
md5($newpass $vbsalt); 
Reply With Quote
  #3  
Old 03-06-2008, 01:42 AM
DHDesign DHDesign is offline
 
Join Date: Sep 2007
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

so drop the brackets around $newpass?

so it would be:
Code:
$pass_hash = md5(md5($newpass . $vbsalt));
OR

Code:
$pass_hash = md5($newpass . $vbsalt);
and also, so is client-side encryption using vbulletin_md5.js not necessary?

the thing is also that users are having no problems getting in, and they change the password and it encrypts correctly...its only after a few days that they log in where they are suddenly not able to anymore...very strange...so im thinking it might have something to do with session hash's or something since im just updating the database with the new encrypted password rather than go through the entire process vbulletin goes through for password changes.

thoughts?
Reply With Quote
  #4  
Old 03-06-2008, 04:33 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

PHP Code:
$pass md5(md5($rawpass) . $salt); 
Using the vBulletin User Datamanager is the recommended way as it updates the caches/etc. as well.
Reply With Quote
  #5  
Old 03-06-2008, 05:43 AM
WhaLberg's Avatar
WhaLberg WhaLberg is offline
 
Join Date: Nov 2006
Location: Dersaadet
Posts: 569
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I had written a conversion script once for a board software. I tried passwords as md5(md5($password . $salt)) but it didn't work, so I tried it as md5($password . $salt) and it did work.
Reply With Quote
  #6  
Old 03-06-2008, 10:49 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Maybe because the board already MD5 hashed it once .
Reply With Quote
  #7  
Old 03-06-2008, 11:29 AM
WhaLberg's Avatar
WhaLberg WhaLberg is offline
 
Join Date: Nov 2006
Location: Dersaadet
Posts: 569
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Absolutely.
Reply With Quote
  #8  
Old 03-06-2008, 12:49 PM
DHDesign DHDesign is offline
 
Join Date: Sep 2007
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

if we have an SSL on the site, could i make things simpler and just remove the javascript client-side md5 encryption that vbulletin uses?

that way, the password would be sent as clear text, hashed and matched to the encryption on the database...then there would be no need for the cache settings and so on.

reason i ask is also that i created a test script to see what the output of the md5 client side encryption is and it doesnt match what is on the database side for the same password...im guessing since the client side encrypts with the license of the board whereas the database side is with the salt found in the user table....correct? or am i missing something?

ps - thanks for the responses, much appreciated!
Reply With Quote
  #9  
Old 03-06-2008, 02:31 PM
Opserty Opserty is offline
 
Join Date: Apr 2007
Posts: 4,103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Not sure but this might help you: https://vborg.vbsupport.ru/showpost....85&postcount=7

Hence why the client side doesn't match the Database to begin with.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:52 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04289 seconds
  • Memory Usage 2,244KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_code
  • (2)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete