Removing Salt

#1 | Norco | 06-16-2007, 02:55 AM | Join Date: Jun 2007 | Posts: 39

Hello everyone.

I just purchased a vBulletin forum, into which I want to integrate the users from my current site (a user system which I coded, and which has approximately 4000 members). I thought all I would need to do is transfer them into the vb user table, but I noticed the salt, which I don't use on the site I am wanting to integrate with. I do use md5 encryption for the passwords, though.

I am wondering how I would go about removing the salt system from my forum so it doesn't use it to login / out. I've already searched the forum for such things, but no one really said how, or just mentioned it's a big security risk (I'm willing to take that chance).

Thanks to anyone who helps me through this process. And please remember, if you are, explain in a little more detail than you probably usually are used to. I don't know too much about anything.. I just installed vBulletin today!

#2 | Coders Shack | 06-16-2007, 03:30 AM | Join Date: Apr 2007 | Location: Culver City, CA | Posts: 807

Mass email telling them to request their passwords? Or mass password reset message. lol

#3 | Norco | 06-16-2007, 03:36 AM | Join Date: Jun 2007 | Posts: 39

Right now I am thinking it would be easier to use the same salt system on my website user system... but how? Hmmm.

Even if I did install it, I would have to mass email all 4000 members linking to a password reset form where they would have to enter their email, which would email them a temporary password, but would update the hash for it. The problem with that is I have no clue how to do it... I would need to find the same type of salt system vb uses, or extract it from the coding..

#4 | Dismounted | 06-16-2007, 04:33 AM | Join Date: Jun 2005 | Location: Melbourne, Australia | Posts: 15,047

Salt is a random 3-character combination generated on registration, so you would simply have to assign users a random 3-letter combination. Passwords are encrypted like so:
PHP Code:
md5(md5($password) . $salt)

#5 | Norco | 06-16-2007, 02:59 PM | Join Date: Jun 2007 | Posts: 39

Ok, I have decided to migrate the salt system to my user system on my website. In the coding for the salt system I've come up with.. this is how it randomly sets a salt:

PHP Code:
$salt = md5(rand(1,5000) * rand(1,5000) * rand(1,5000));

$password = md5($password . $salt);

I would 'NOT' be using the vBulletin registration system, it would all be done through my website. So.. if every one of my users reset their password (which I would include the whole salt thing when it's done) it would update for the site system, and the forum?

Right?

#6 | Brad | 06-16-2007, 08:40 PM | Join Date: Nov 2001 | Posts: 4,765

In vBulletin the salt is generated like this;

From the file /includes/class_dm_user.php

PHP Code:
    /**
    * Generates a new user salt string
    *
    * @param    integer    (Optional) the length of the salt string to generate
    *
    * @return    string
    */
    function fetch_user_salt($length = SALT_LENGTH) // Note; by default SALT_LENGTH is 3
    {
        $salt = '';

        for ($i = 0; $i < $length; $i++)
        {
            $salt .= chr(rand(32, 126));
        }

        return $salt;
    }

Depending on how your current system works you may or may not need to reset the passwords. Can you give us some code to look at?

Once you get your custom registration system hashing passwords like vBulletin all you'll have to do is get that data over to the vBulletin database (pretty easy task).

#7 | Paul M | 06-16-2007, 09:27 PM | Join Date: Sep 2004 | Location: Nottingham, UK | Posts: 23,748

You could just set the salt column in the users table to '' (null string) for everyone - and edit the function that vb uses (shown above) to always return '' as well.

(in fact, defining SALT_LENGTH as 0 might be enough, not sure where that is set)

#8 | Brad | 06-17-2007, 12:10 AM | Join Date: Nov 2001 | Posts: 4,765

Line 18 in the file class_dm_user.php

I usually change it to something other than the default when I install vBulletin. I don't know if it helps much but hey...why not?

#9 | Norco | 06-17-2007, 12:50 AM | Join Date: Jun 2007 | Posts: 39

What code would you like to see? Login?

Edit; I need to know like, how the login of the vb uses the salt with the md5 encrypted password to check if it is right.

#10 | Dismounted | 06-17-2007, 04:27 AM | Join Date: Jun 2005 | Location: Melbourne, Australia | Posts: 15,047

It just compares the two passwords.
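
The hash format from post #4 and the salt routine from post #6 mean rows that already hold an unsalted md5($password) can be converted without a password reset, since the forum hash is built from that inner digest. The sketch below is an added example, not vBulletin's code or any poster's: the function names are hypothetical, it assumes the old table stores lowercase hex md5($password), and random_int() and hash_equals() are substitutions for rand() and a plain string comparison.

```php
<?php
// Added example; new_salt(), migrate_row() and verify_login() are hypothetical names.

const SALT_LENGTH = 3; // default quoted in the thread

// Same character range as the fetch_user_salt() quoted in the thread (ASCII 32..126),
// but drawn from random_int() (PHP 7+) instead of rand().
function new_salt(int $length = SALT_LENGTH): string
{
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= chr(random_int(32, 126));
    }
    return $salt;
}

// Convert one legacy row. $legacyMd5 is the stored md5($password) from the old site.
// The plaintext is never needed: the forum hash is md5(md5($password) . $salt).
function migrate_row(string $legacyMd5): array
{
    // Reject uppercase or truncated digests, which would produce a hash no login can match.
    if (!preg_match('/^[0-9a-f]{32}$/', $legacyMd5)) {
        throw new InvalidArgumentException('not a lowercase hex MD5 digest');
    }
    $salt = new_salt();
    return ['password' => md5($legacyMd5 . $salt), 'salt' => $salt];
}

// Login check: recompute from the submitted password and the stored salt,
// then compare against the stored hash in constant time.
function verify_login(string $submitted, array $row): bool
{
    return hash_equals($row['password'], md5(md5($submitted) . $row['salt']));
}

// Constructed sample data: what the old user table would hold for this password.
$legacy = md5('correct horse');
$row = migrate_row($legacy);

var_dump(verify_login('correct horse', $row));
var_dump(verify_login('wrong guess', $row));
```

The two array keys correspond to the password hash and the salt column the thread refers to; the custom site can call the same verify_login() so both systems accept the same credentials.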