vbulletin password hash - how do I integrate

[SkyCatcher]

Hi all,



I need some help asap.



I've got another php application that requires you to log on. I've tried to integrate this into vbulletin's database.



Both vb and the app share the 'user' databases userid, username and password fields.



The problem is that VB and the other app create, mask, or hash the passwords differently!



So although the other app sees that I am a user, the password I enter will be incorrect because it can't read vb's pass with the salt and all.



Can someone please help me come up with a way to make the other app login using vb's method, or at least be able to decrypt password the same way vb does so I can log on to both the forum and this other app?





I've added the login.php test from the other app.

PHP Code:

 <?

session_start();

include ("config/config.php");

include ("config/settings.php");

include ("config/datecalc.php");

if (isset($loginok)||$islogin=="yes") { 

$getusr=mysql_query("SELECT * FROM user WHERE username='$username'");

$row=mysql_fetch_array($getusr);

$thepass=$row['password'];

$mbid=$row['userid'];

$mbname=$row['name'];

$mbuser=$row['username'];

$isactive=$row['active'];

//echo "THE PASS: $thepass, PASS: ".md5($password);

if (substr($thepass,0,10)==substr(md5($password),0,10)&&$password!=""&&$username!="") {

if ($isactive==1) {

session_register('membersarea');

session_register('memberid');

    $memberid=$mbid;

session_register('membername');

    $membername=$mbname;

session_register('memberusern');

    $memberusern=$mbuser;

} else if ($isactive!=1&&$setts[account_mode]==2) {

//session_register('membersarea');

session_register('memberid');

    $memberid=$mbid;

session_register('membername');

    $membername=$mbname;

session_register('memberusern');

    $memberusern=$mbuser;

if (!session_is_registered('accsusp')) {

    session_register('accsusp');

     $_SESSION[accsusp]=2;

}

} else if ($isactive!=1&&$setts[account_mode]!=2) {

$accsusp=1;

}

}

}

include ("themes/$setts[default_theme]/header.php");

?>

<? header5(strtoupper($lang[memberlogin])); ?>

<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr> 

    <td class="contentfont">

     <br> 

     <? if (session_is_registered('membersarea')||$_SESSION[accsusp]==2) { 

if ($auctionid!=0&&$redirect=="") $link="auctiondetails.php?id=$auctionid";

else if ($redirect=="sell") $link="sellitem.php";

else if ($redirect=="buynow") $link="buynow.php?id=$auctionid";

else if ($redirect=="swapitem") $link="swapitems.php?id=$auctionid";

else if ($redirect=="invoice") $link="invoice.php?id=$memberid";

else $link = "membersarea.php";

echo "<p class=contentfont align=center>$lang[loading]</p><p>&nbsp;</p>";

echo "<script>window.setTimeout('changeurl();',500); function changeurl(){window.location='$link'}</script>";

}

else {

 

if ($accsusp==1) {

echo "<p class=contentfont align=center>$lang[susp_login]</p><br>";

} else {

?>

 

     <form action="login.php" method="post">

        <input type="hidden" name="redirect" value="<?=$redirect;?>">

        <table width="400" border="0" cellpadding="4" cellspacing="4" align="center" class="border"> 

         <tr class="c3"> 

            <td width="50%" align="right"><?=$lang[username]?></td>

            <td width="50%"><input name="username" type="text" id="state4" class="contentfont"></td>

         </tr>

         <tr class="c2"> 

            <td width="50%" align="right"><?=$lang[pass]?></td>

            <td width="50%"><input name="password" type="password" id="state5" class="contentfont"></td>

         </tr>

         <tr> 

            <td colspan="2" align="center" class="c4"><input name="loginok" type="submit" id="loginok" value="<?=$lang[memberlogin]?>"></td>

         </tr>

         <tr> 

            <td colspan="2" align="center" class="c2">

            <a href="lostpass.php"><?=$lang[forgotpass]?></a></td>

         </tr>

        </table>

     </form>

     <br> 

     <? }

} ?>

    </td>

</tr>

</table>

<? include ("themes/$setts[default_theme]/footer.php"); ?>

[SkyCatcher]

Anyone? I'm stumped and really don't know how to fix this

[SkyCatcher]

A friend came through for me - all fixed.

[SRozhon]

wish you would have shared the answer here

[dionak]

agreed. if you come back, it would be helpful to share the answer.

[WetWired]

The vB password is the md5 of the password, with the salt appended and md5ed again.

Code:

$vbpassword=md5(md5($password).$user['salt']);