Login Script help!

[ComputerModding]

This should be quick and simple I hope

I have two servers, on server one I have a VB board with 5,500 + members. On server 2 I have a script I have written myself in PHP for the members to use, so I would like to use the members table on server one for my custom script, that bit is easy and the two servers are already talking to eachother fine.

I have written members scripts before but trying to reverse programme the VB login code is a little over my head, in the past I have just used SHA1, MD5 or a combination of the two for a registration and member login page, but I see from the database that VB uses a password salt.

Can anybody advise on the code used to encrypt a users password using the salt so I can make my custom script encrypt and compare the passwords of my VB? this will save my members alot of time having to re-register an account just to use the script ( I have googled this over the past few days and so far not found anything concreat that I can use)

Thanks in advance

Kevin

[Marco van Herwaarden]

https://vborg.vbsupport.ru/showthrea...highlight=salt

See: Authentication Storage

[ComputerModding]

Thats just what I needed cheers Marco.

Thought even VB would of moved over to using sha1 by now md5 is still good with triple encryption though.

[baca85]

niether sha1 or md5 are actually secure now not without a salt. Personally I use the newer sha2 algorithms with a salt.

[Dismounted]

vBulletin will probably never move off the current algorithm because it would be a pain to do so. And many people don't have hash() installed and enabled.

[baca85]

well its enabled by default in php5 and since php6 is coming out soon and php4 now no longer being supported more people with have hash install and enabled by default surely. However i do agree it would be a pain in the backside to convert all the passwords for users but surely having the option to use sha1 and sha2 should be an option?