The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Removing Salt
Hello everyone.
I just purchased a vbulletin forum, which I want to integrate my users from my current site (a user system which I coded, and has approximately 4000 members. I thought all I would need to do is transfer them into the vb user table, but I noticed the salt which I don't use on my site which I am wanting to integrate with. I do use md5 encryption for the passwords although. I am wondering how I would go about removing the salt system from my forum so it doesn't use it to login / out. I've already searched the forum for such things, but no one really said how, or just mentioned its a big security risk (I'm willing to take that chance). Thanks to anyone who helps me through this process. And please remember, if you are, explain in a little more detail then you probably usually are used to. I don't know to much about anything.. I just installed vbulletin today! |
#2
|
|||
|
|||
mass email telling them to request their passwords? or mass password reset message. lol
|
#3
|
|||
|
|||
Right now I am thinking it would be easier to use the same salt system on my website usersystem... but how? Hmmm.
Even if I did install it, I would have to mass email all 4000 members linking to a password reset form where they would have to enter their email, which would email them a temporary password, but would update the hash for it. Problem is about that is I have no clue how to do it... I would need to find the same type of salt system vb uses, or extract it from the coding.. |
#4
|
||||
|
||||
salt is a random 3-character combination generated on registration, so you would simply have to assign users a random 3-letter combination. Passwords are encrypted like so:
PHP Code:
|
#5
|
|||
|
|||
Ok, I have decided to migrate the salt system to my user system on my website. In the coding for the salt system I've come up with.. this is how is randomly sets a salt:
PHP Code:
Right? |
#6
|
|||
|
|||
In vBulletin the salt is generated like this;
From the file /includes/class_dm_user.php PHP Code:
Once you get your custom registration system hashing passwords like vBulletin all you'll have to do is get that data over to the vBulletin database (pretty easy task). |
#7
|
||||
|
||||
You could just set the salt column in the users table to '' (null string) for everyone - and edit the function that vb uses (shown above) to always return '' as well.
(in fact, defining SALT_LENGTH as 0 might be enough, not sure where that is set) |
#8
|
|||
|
|||
Line 18 in the file class_dm_user.php
I usually change it to something other than the default when I install vBulletin. I don't know if it helps much but hey...why not? |
#9
|
|||
|
|||
What could would you like to see? Login?
Edit; I need to know like, how the login of the vb uses the salt with the md5 encrypted password to check if it is right. |
#10
|
||||
|
||||
It just compares the two passwords.
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|