How are passwords stored?

[chaudruc]

Hi, I am trying to add a user directly into the 'user' table - not using the vBulletin interface and need to know how the password is stored... I have tried to INSERT it as md5($password) but that will not validate... is there some other twist that vBulletin does before it stores the passwords using the GUI... ?

Thanks for any help.

Chris Chaudruc

[peterska2]

It double MD5's it and also adds salt (a random key per user per forum).

The best way to manually add a user is via the ACP as you can then add the user details in plain text and then vB does all the encryption for you.

[chaudruc]

Hi, thanks for your reply... I cannot use the ACP in this instance

So would I do this... to enter the password properly in the db.

md5(md5($salt.$password)) ?

Is it somewhere in the code? I have been all through register.php and cannot find how the password is treated before it is stored... any idea where I Could look?

Thanks for your help

[Reeve of shinra]

Passwords are: md5(md5('PlaintextPassword'), salt)

Try looking at includes/class_dm_user.php ... the datamanager will also do the work for you.

[Ntfu2]

check in the includes folder, class_dm_user.php there is alot in there around line 69x to like 8xx ?

Quote:

Originally Posted by Maybe this is it

Code:

	// #############################################################################
	// password related

	/**
	* Converts a PLAIN TEXT (or valid md5 hash) password into a hashed password
	*
	* @param	string	The plain text password to be converted
	*
	* @return	boolean
	*/
	function verify_password(&$password)
	{
		if (!($salt = $this->fetch_field('salt')))
		{
			$this->user['salt'] = $salt = $this->fetch_user_salt();
		}

		// generate the password
		$password = $this->hash_password($password, $salt);

		$this->set('passworddate', 'FROM_UNIXTIME(' . TIMENOW . ')', false);

		return true;
	}

	/**
	* Verifies that the user salt is valid
	*
	* @param	string	The salt string
	*
	* @return	boolean
	*/
	function verify_salt(&$salt)
	{
		$this->error('::You may not set salt manually.::');
		return false;
	}

	/**
	* Takes a plain text or singly-md5'd password and returns the hashed version for storage in the database
	*
	* @param	string	Plain text or singly-md5'd password
	*
	* @return	string	Hashed password
	*/
	function hash_password($password, $salt)
	{
		// if the password is not already an md5, md5 it now
		if ($password == '')
		{
		}
		else if (!$this->verify_md5($password))
		{
			$password = md5($password);
		}

		// hash the md5'd password with the salt
		return md5($password . $salt);
	}

	/**
	* Generates a new user salt string
	*
	* @param	integer	(Optional) the length of the salt string to generate
	*
	* @return	string
	*/
	function fetch_user_salt($length = SALT_LENGTH)
	{
		$salt = '';

		for ($i = 0; $i < $length; $i++)
		{
			$salt .= chr(rand(32, 126));
		}

		return $salt;
	}

	/**
	* Checks to see if a password is in the user's password history
	*
	* @param	integer	User ID
	* @param	integer	History time ($permissions['passwordhistory'])
	*
	* @return	boolean	Returns true if password is in the history
	*/
	function check_password_history($password, $historylength)
	{
		// delete old password history
		$this->dbobject->query_write("
			DELETE FROM " . TABLE_PREFIX . "passwordhistory
			WHERE userid = " . $this->existing['userid'] . "
			AND passworddate <= FROM_UNIXTIME(" . (TIMENOW - $historylength * 86400) . ")
		");

		// check to see if the password is invalid due to previous use
		if ($historylength AND $historycheck = $this->dbobject->query_first("
			SELECT UNIX_TIMESTAMP(passworddate) AS passworddate
			FROM " . TABLE_PREFIX . "passwordhistory
			WHERE userid = " . $this->existing['userid'] . "
			AND password = '" . $this->dbobject->escape_string($password) . "'"))
		{
			return true;
		}
		else
		{
			return false;
		}
	}

Edit* someone beat me to it while i was searching for this