Hello,
He wanted to know how to remove the Password MD5 Encrypter in Database
Passwords aren't encrypted, they're hashed.
What exactly are you looking to do? If you're asking how to crack the hashes then we can't help you with that.
Once they're hashed they can't be undone.
To have passwords not hashed to begin with would require a ton of core file edits. It would also be immensely insecure.
Why do you want to do this?
I think the OP wants to remove password hashing altogether.
Why? Are you going to change it to like a sha256? If you are going to leave it plaintext to enter your users' accounts, that can be illegal. If someone gains access to your database (maliciously), then they know everyone's passwords.
Don't pull a Sony. Yes, I just said that
(2012-04-10, 01:22 AM)Nathan Malcolm Wrote: [ -> ]Passwords aren't encrypted, they're hashed.
What exactly are you looking to do? If you're asking how to crack the hashes then we can't help you with that.
No, I'm developing an application that uses an Integrated System Login to the Forum, but in the Time of the Database Insert the passwords are Encrypted, ai the application will not recognize the password.
(2012-04-10, 01:44 AM)Paul H. Wrote: [ -> ]Once they're hashed they can't be undone.
To have passwords not hashed to begin with would require a ton of core file edits. It would also be immensely insecure.
Why do you want to do this?
I just wanted to remove the Encrypt function, so that the passwords were not Inserted in Encrypted Database;
As I said above, for my project be completed, I presciso remove encryption, so that the application recognizes the password.
(2012-04-10, 01:44 AM)GamerVoid Wrote: [ -> ]I think the OP wants to remove password hashing altogether.
Why? Are you going to change it to like a sha256? If you are going to leave it plaintext to enter your users' accounts, that can be illegal. If someone gains access to your database (maliciously), then they know everyone's passwords.
Don't pull a Sony. Yes, I just said that :P
I do not want commit any illegal act, only I have access to the Database;
There are functions in MyBB you can use to integrate and verify passwords. Poke around a bit in the
sourcedocs
You can run your application with the MyBB hashed passwords simply by following the same hash pattern. You definitely do not need to store or view the plain text password to achieve this.
And fyi it's not illegal to store a pw in plaint text. It's just very irresponsible.
// If we have a "password2" check if they both match
if(isset($user['password2']) && $user['password'] != $user['password2'])
{
$this->set_error("passwords_dont_match");
return false;
}
// MD5 the password
$user['md5password'] = $user['password'];
// Generate our salt
$user['salt'] = generate_salt();
// Combine the password and salt
$user['saltedpw'] = salt_password($user['md5password'], $user['salt']);
This is the part of the function of MD5; you can help me to try to remove it?
Will be very grateful!
remind to never visit your site.
you should simply make your application replicate the password hashing MyBB uses and then compare that way.
You don't need to make them enter or store in md5 format. They are automatically hashed. To check if their passwords match. For example, just like member.php does when a new user registers by updating the entered password by user by converting it into md5 format:
update_password($user['uid'], md5($password), $user['salt']);