The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
Changing Hash
I was wondering, how do you change vB's password hashing system to md5() instead of md5(md5($pass).$salt)?
I know a lot of people are probably going to tell me not to change the hash, but when syncing a user database that hashes MD5 only and i don't got an option to change it, vB's hashing system is incompatible and since vB is the one I can change I don't exactly got an option. |
#2
|
|||
|
|||
I think I'd search the source for md5( and check everywhere to see if it's a place that needs to be changed. Actually I think there may only be one place where it does a hash on passwords to compare them to the database (but don't hold me to that).
I wouldn't tell you not to do it, but I do wonder why you want to because if you have a password a user enters you can check it in either database by applying the right functions, and there doesn't seem to be any reason to store the same encrypted value in two databases. |
#3
|
||||
|
||||
Basically I am working with a game engine that uses just md5() to hash the password, and vB uses md5(md5($pass).$salt). The login system for the game engine is built into the source code and I don't have source access. This leaves me having to edit vB so that I can use the same database for both since they need the same exact user table.
|
#4
|
|||
|
|||
Oh...that makes sense.
|
#5
|
||||
|
||||
Anyways the only place for the password that I have seen is in includes/functions_login.php, lines 170-172
Code:
$vbulletin->userinfo['password'] != iif($password AND !$md5password, md5(md5($password) . $vbulletin->userinfo['salt']), '') AND $vbulletin->userinfo['password'] != iif($md5password, md5($md5password . $vbulletin->userinfo['salt']), '') AND $vbulletin->userinfo['password'] != iif($md5password_utf, md5($md5password_utf . $vbulletin->userinfo['salt']), '') using: http://www.insidepro.com/hashes.php?lang=eng to generate hash I changed those lines of code to: Code:
$vbulletin->userinfo['password'] != iif($password AND !$md5password, md5($password), '') AND $vbulletin->userinfo['password'] != iif($md5password, md5($md5password), '') AND $vbulletin->userinfo['password'] != iif($md5password_utf, md5($md5password_utf), '') |
#6
|
|||
|
|||
The browser will run one md5 on the password if it has js available, which is why that code checks the md5password parameter with one less md5. So I think you'd need to check the md5password parameters without doing anything to them.
I think you can also have the password in a cookie, so you'll probably need to find that to have "remember me" work. Also there's got to be a place where the password is set or reset (unless you're not going to use vb's code for that at all). |
#7
|
||||
|
||||
Ok so basically I just need to string this out of my login form:
Code:
<form action="" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)"> <script type="text/javascript" src="http://www.forum.divineshadowsonline.com/clientscript/vbulletin_md5.js"></script> As for the setting the password, i've been looking for that as well and can't find anything. I've used notepad++, opened every single file and ran a global search and nothing comes up.. This whole script is so disorganized and I cant find anything. The closest thing i found to that was the same type of code setup as above |
#8
|
|||
|
|||
Quote:
Seems like it should - but is there really no "action" in there? I'm not sure how that works. Quote:
Sorry, if I had known you were going to search by opening every file I'd have done it for you . Anyway, the files with md5(md5( in them are: class_bootstrap.php class_core.php class_dm_user.php profile.php functions_login.php I guess class_dm_user and profile have to do with setting the password. I don't know what's going on in the other 2. |
#9
|
||||
|
||||
Thanks. I'll look into it when i have the time. Something came up :-/
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|