The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Password Hash Algorithm
Hi, according to other threads the following SHOULD compute the password hash for vBulletin:
md5(md5($rawpassword).#seed) where seed is the user hash. However, it's not working on my server. Passwords do work within vBulletin but not when I am trying to set up a script licensing site to use the same vBulletin logins. When I run the same formula drawing from the same exact database, I get a different result. Not going to post the hash here but they are completely different results. Does anyone have a clue why that would be happening? |
#2
|
||||
|
||||
Its a salt, not a seed, but where are you getting the salt from?
Here is a query I use to reset passwords: Code:
UPDATE user set password = MD5(concat(MD5('NewPassword'), user.salt)) WHERE userid = UserID |
#3
|
|||
|
|||
Thanks. Salt is what I mean. Not sure why I said seed.
--------------- Added [DATE]1377819932[/DATE] at [TIME]1377819932[/TIME] --------------- Here is my problem. This is not a real salt but it shows the special characters I am running into. I changed the alphanumeric characters. 6K)Gf"Y@LqQs|{N_ 6K)Gf"Y@LqQs|{N_ 0 [49] This is what I see in phpMyAdmin and when I print_r($res) of the particular record I testing with. What I get with the below code: Code:
$userhash = $res[0]['hash']; It seems almost like something changed in PHP because if something funky is in the hash character wise, the string is getting chopped. Is there a way around this? --------------- Added [DATE]1377820593[/DATE] at [TIME]1377820593[/TIME] --------------- To explain what I am after, I want to set up a licensing site where the members login to the website using the same credentials as they use in the forum, but still a separate login, that is not sharing sessions. However, the above problem is stopping me and has me stumped as to what is causing PDO to chop part of it. Do I need to set a character set or something in the database? |
#4
|
|||
|
|||
I don't know how you're getting special characters in salt. Salt is limited to ascii 33 to 126. None of those are control or special characters.
Now if you're getting special characters in your hash, that's a problem with your hash coding. Not with salt. |
#5
|
|||
|
|||
Quote:
EDIT: I figured out the problem. When user salt contains nonconventional characters (see nhawk's post), MD5 produces different results between php and MySQL. |
#6
|
|||
|
|||
Worth a try:
md5( ( md5( trim( $rawpassword ) ) . trim($salt) ) |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|