Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 12-16-2011, 07:02 PM
dog199200's Avatar
dog199200 dog199200 is offline
 
Join Date: Sep 2010
Location: Missouri
Posts: 40
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Changing Hash

I was wondering, how do you change vB's password hashing system to md5() instead of md5(md5($pass).$salt)?

I know a lot of people are probably going to tell me not to change the hash, but when syncing a user database that hashes MD5 only and i don't got an option to change it, vB's hashing system is incompatible and since vB is the one I can change I don't exactly got an option.
Reply With Quote
  #2  
Old 12-16-2011, 07:59 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think I'd search the source for md5( and check everywhere to see if it's a place that needs to be changed. Actually I think there may only be one place where it does a hash on passwords to compare them to the database (but don't hold me to that).

I wouldn't tell you not to do it, but I do wonder why you want to because if you have a password a user enters you can check it in either database by applying the right functions, and there doesn't seem to be any reason to store the same encrypted value in two databases.
Reply With Quote
  #3  
Old 12-16-2011, 09:27 PM
dog199200's Avatar
dog199200 dog199200 is offline
 
Join Date: Sep 2010
Location: Missouri
Posts: 40
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Basically I am working with a game engine that uses just md5() to hash the password, and vB uses md5(md5($pass).$salt). The login system for the game engine is built into the source code and I don't have source access. This leaves me having to edit vB so that I can use the same database for both since they need the same exact user table.
Reply With Quote
  #4  
Old 12-16-2011, 09:33 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Oh...that makes sense.
Reply With Quote
  #5  
Old 12-16-2011, 09:50 PM
dog199200's Avatar
dog199200 dog199200 is offline
 
Join Date: Sep 2010
Location: Missouri
Posts: 40
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Anyways the only place for the password that I have seen is in includes/functions_login.php, lines 170-172

Code:
			$vbulletin->userinfo['password'] != iif($password AND !$md5password, md5(md5($password) . $vbulletin->userinfo['salt']), '') AND
			$vbulletin->userinfo['password'] != iif($md5password, md5($md5password . $vbulletin->userinfo['salt']), '') AND
			$vbulletin->userinfo['password'] != iif($md5password_utf, md5($md5password_utf . $vbulletin->userinfo['salt']), '')
yet if i edit the first line to remove the first md5, it says invalid login every time even after rerunning the hash.

using: http://www.insidepro.com/hashes.php?lang=eng to generate hash


I changed those lines of code to:
Code:
			$vbulletin->userinfo['password'] != iif($password AND !$md5password, md5($password), '') AND
			$vbulletin->userinfo['password'] != iif($md5password, md5($md5password), '') AND
			$vbulletin->userinfo['password'] != iif($md5password_utf, md5($md5password_utf), '')
and tested it all with the "testing" as the pass, hashed "ae2b1fca515949e5d54fb22b8ed95575"
Reply With Quote
  #6  
Old 12-16-2011, 11:30 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The browser will run one md5 on the password if it has js available, which is why that code checks the md5password parameter with one less md5. So I think you'd need to check the md5password parameters without doing anything to them.

I think you can also have the password in a cookie, so you'll probably need to find that to have "remember me" work. Also there's got to be a place where the password is set or reset (unless you're not going to use vb's code for that at all).
Reply With Quote
  #7  
Old 12-16-2011, 11:43 PM
dog199200's Avatar
dog199200 dog199200 is offline
 
Join Date: Sep 2010
Location: Missouri
Posts: 40
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ok so basically I just need to string this out of my login form:

Code:
<form action="" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
<script type="text/javascript" src="http://www.forum.divineshadowsonline.com/clientscript/vbulletin_md5.js"></script>
just leaving the forum value without the onsubmit, or would that not work?

As for the setting the password, i've been looking for that as well and can't find anything. I've used notepad++, opened every single file and ran a global search and nothing comes up.. This whole script is so disorganized and I cant find anything. The closest thing i found to that was the same type of code setup as above
Reply With Quote
  #8  
Old 12-16-2011, 11:52 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by dog199200 View Post
Ok so basically I just need to string this out of my login form:

Code:
<form action="" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
<script type="text/javascript" src="http://www.forum.divineshadowsonline.com/clientscript/vbulletin_md5.js"></script>
just leaving the forum value without the onsubmit, or would that not work?

Seems like it should - but is there really no "action" in there? I'm not sure how that works.


Quote:
As for the setting the password, i've been looking for that as well and can't find anything. I've used notepad++, opened every single file and ran a global search and nothing comes up.. This whole script is so disorganized and I cant find anything. The closest thing i found to that was the same type of code setup as above

Sorry, if I had known you were going to search by opening every file I'd have done it for you . Anyway, the files with md5(md5( in them are:

class_bootstrap.php
class_core.php
class_dm_user.php
profile.php
functions_login.php


I guess class_dm_user and profile have to do with setting the password. I don't know what's going on in the other 2.
Reply With Quote
  #9  
Old 12-18-2011, 04:55 AM
dog199200's Avatar
dog199200 dog199200 is offline
 
Join Date: Sep 2010
Location: Missouri
Posts: 40
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks. I'll look into it when i have the time. Something came up :-/
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:40 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04303 seconds
  • Memory Usage 2,244KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete