Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
FAQ Community Calendar Today's Posts Search

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 04-05-2012, 04:19 PM
nullified nullified is offline
 
Join Date: Mar 2005
Posts: 8
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default User and Password synchronization

Hello everyone,

I'm currently looking at setting up a vBulletin for a large userbase (30k people) based on the users in a proprietary management solution. I, essentially, have three issues:

(1) Nightly Synchronization
(2) Passwords
(3) Rights Management

I do have PHP experience and have written a few things for vBulletin, but truth be told, I haven't touched the code for years (mostly, I hacked vB 2 and early vB 3) so please bear with me.

(1) Synchronization
I don't think this would be too much of an issue to program: we already push userassword:email:auxilliarydata lists to our servers over an encrypted connection and feed them into our various applications. It shouldn't be too difficult to check that list against the vBulletin user list and add those people who are new/whose password changed. We can gurantee integrity of a number of fields and while there are a couple of edge cases, they are managable.
However: is it a bother to block changing the password and email address inside of vBulletin?

(2) Passwords
This is the big issue I see: we don't store passwords in vB's fashion.
We currently store passwords as md5 and sha256.

After having a cursory glance at function verify_authentication I'm actually somewhat hopeful that not all is as difficult as I had feared because if I read vBulletin's code correctly, it actually catches passwords that are "merely" md5 hashs instead of salted hashes -- if that is the case, would it be possible to simply write the md5 hashs with every synchronization and rely on that fallback to make it smooth for the users (it's not nice, but our overall ecosystem is secure enough that I don't really see the harm)

(3) Rights Management
This, too, shouldn't actually be too difficult: on synchronization, we check whether a user still exists on the list and, if he doesn't, we delete him. Right?

As said, I'm aware this does require some coding and I can put that time in, but I just want to get a little bit of feedback from people who have touched the code in the last couple of years to see wether there's an easier way or to get some pointers to get this done more quickly (i. e. am I reading verify_authentication correctly)

Regards,

null
Reply With Quote
 


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 06:03 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04455 seconds
  • Memory Usage 2,453KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (2)post_thanks_box_bit
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete