Version: 0.11, by muf
Developer Last Online: Apr 2021
Version: 3.5.0
Rating:
Released: 09-29-2005
Last Update: Never
Installs: 12
Template Edits
Code Changes
No support by the author.
Resource : [SMF] Imported User Password Hack
Type : Source Code Modification
Version : 0.1
Author : mf @ http://www.videngineering.net
Description : After SMF import, no need to reset password!
vBulletin impex hashes all imported passwords with salt; md5(old_password . salt). For most forums, that means md5(md5(password) . salt). For SMF, however, that means md5(md5_hmac(password, username) . salt). Since vB login checks for md5(md5(password) . salt), that means an imported SMF user will have to have his/her password reset. That, or you install this little hack.
Tested : Yes, tested on 3.5.0 Stable (will not work on vB 2.x or 3.0.x)
Screenshot : None, obviously
Notes : My first hack :speechless:
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
Pretty cool, and grats as well for this being your first hack. I am sure this will be inspiration for other password hacks too.
This gave me an idea though... maybe upon importing, add all users to a secondary usergroup and have the plugin system redirect to a page where the user can enter htier old password nad have it changed to the new vb-hash format and then it takes them out of that secondary usergroup.
Pretty cool, and grats as well for this being your first hack. I am sure this will be inspiration for other password hacks too.
This gave me an idea though... maybe upon importing, add all users to a secondary usergroup and have the plugin system redirect to a page where the user can enter htier old password nad have it changed to the new vb-hash format and then it takes them out of that secondary usergroup.
Nice idea there Reeve, perhaps make that suggestion on vbcom/suggestion forum
Pretty cool, and grats as well for this being your first hack. I am sure this will be inspiration for other password hacks too.
Thanks! I might be posting other hacks in the future as I stumble upon needs that stock vBulletin lacks.
Quote:
Originally Posted by Reeve of shinra
This gave me an idea though... maybe upon importing, add all users to a secondary usergroup and have the plugin system redirect to a page where the user can enter htier old password nad have it changed to the new vb-hash format and then it takes them out of that secondary usergroup.
That wouldn't be needed, since the old passwords *ARE* stored in vB's new secure format. They're just as secure if not more secure (HMAC hashes data with a key, MD5 only hashes data), so while you have the hack installed, there is no reason to change password.
Posted it up there,... maybe the plug in can take the password entered, verify it against the old hash, then update the field with the new vb hash and take them out of the 2nd group. Then it becomes completely invisiable to the end user.
That wouldn't be needed, since the old passwords *ARE* stored in vB's new secure format. They're just as secure if not more secure (HMAC hashes data with a key, MD5 only hashes data), so while you have the hack installed, there is no reason to change password.
I agree, im just thinking aloud from the perspective of trying to eliminate the need for hack so people can throw up the default files and not have to worry about editing files.
[SMF] Imported User Password Hack Details »»
About Developer
Visit Web Site
Template Edits 
No support by the author.
09-30-2005, 06:55 PM
