The Arcive of vBulletin Modifications Site.

THE UNCEN · #1 06-11-2009, 05:47 AM

I'm making a separate login system. Can someone briefly explain to me how the vbulletin system checks passwords?

Dismounted · #2 06-11-2009, 06:42 AM

Passwords in the database are hashed like so:

PHP Code:


			
$password = md5(md5($plaintext) . $salt);

THE UNCEN · #3 06-12-2009, 03:28 AM

What is the $salt formula they use?

Dismounted · #4 06-12-2009, 06:07 AM

It is the "salt" field in the database row for the user.

THE UNCEN · #5 06-14-2009, 04:07 AM

Thanks!

Next question... what does vbulletin use to create the password stored as the bbpassword cookie?

Dismounted · #6 06-14-2009, 04:36 AM

It is the hashed password, along with the "cookie salt" (license number).

PHP Code:


			
$cookie = md5($password . COOKIE_SALT);

THE UNCEN · #7 06-14-2009, 10:47 PM

Ah, that gets me past that.

Next question... does vbulletin check the password in the DB every time it loads a page? I want to know the work flow vB uses to verify the user.

ForumsMods · #8 06-14-2009, 11:07 PM

PHP Code:


			
function verify_authentication($username, $password, $md5password, $md5password_utf, $cookieuser, $send_cookies)
{
    global $vbulletin;

    $username = strip_blank_ascii($username, ' ');
    if ($vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid, usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . $vbulletin->db->escape_string(htmlspecialchars_uni($username)) . "'"))
    {
        if (
            $vbulletin->userinfo['password'] != iif($password AND !$md5password, md5(md5($password) . $vbulletin->userinfo['salt']), '') AND
            $vbulletin->userinfo['password'] != iif($md5password, md5($md5password . $vbulletin->userinfo['salt']), '') AND
            $vbulletin->userinfo['password'] != iif($md5password_utf, md5($md5password_utf . $vbulletin->userinfo['salt']), '')
        )
        {
            $return_value = false;
            ($hook = vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
            if (isset($return_value))
            {
                // unset $return_value if you want to run the $send_cookies stuff
                return $return_value;
            }
        }
        else if ($vbulletin->userinfo['password'] == '')
        {
            // sanity check, though there should never really be an empty string for a password
            $return_value = false;
            ($hook = vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
            if (isset($return_value))
            {
                // unset $return_value if you want to run the $send_cookies stuff
                return $return_value;
            }
        }

        if ($send_cookies)
        {
            if ($cookieuser)
            {
                vbsetcookie('userid', $vbulletin->userinfo['userid'], true, true, true);
                vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
            }
            else if ($vbulletin->GPC[COOKIE_PREFIX . 'userid'] AND $vbulletin->GPC[COOKIE_PREFIX . 'userid'] != $vbulletin->userinfo['userid'])
            {
                // we have a cookie from a user and we're logging in as
                // a different user and we're not going to store a new cookie,
                // so let's unset the old one
                vbsetcookie('userid', '', true, true, true);
                vbsetcookie('password', '', true, true, true);
            }
        }
        $return_value = true;
        ($hook = vBulletinHook::fetch_hook('login_verify_success')) ? eval($hook) : false;
        return $return_value;
    }

    $return_value = false;
    ($hook = vBulletinHook::fetch_hook('login_verify_failure_username')) ? eval($hook) : false;
    return $return_value;
}

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.05985 seconds Memory Usage 4,742KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (3)bbcode_php (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (8)post_thanks_box (8)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (8)post_thanks_postbit_info (8)postbit (8)postbit_onlinestatus (8)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/functions_amr.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages: