MyBB Community Forums

Full Version: User password concern
[I just posted, but this is a different concern]

I recently converted my phpBB2 forum to MyBB using MyBB Merge. I was anticipating having to get all my users to reset their passwords. But to my surprise, I didn't have to do anything. Why is this? It looks like phpBB2 and MyBB use different encryption methods. How did MyBB figure out what the password was so that they could convert it? phpBB2 uses md5 which can't be decrypted. I'm just a little confused, but also interested in how this works.

It uses a plugin that comes with the merge system that checks logins that haven't been converted through the original software's encryption method, then converts it to MyBB's method, or at least that's how I understand it.

Ex:
MyBB uses md5(md5(hash).md5(pass))
phpBB uses something else, let's pretend it's just md5(pass) because I have absolutely no clue what they use.

Somebody logs in with the password "ilikepie".
Merge login plugin checks if the password has been converted,
if not:
check if password is correct by running md5(ilikepie)
if it is correct, generate the hash, then run md5(md5(hash).md5(ilikepie))
then store the result from the above and the hash into the MyBB users table, and mark the user as converted.
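
The login-time conversion described in the reply above, as an added example that is not part of the original thread and is not MyBB Merge's own code. The `user` dict, `login`, `legacy_hash` and `new_hash` are hypothetical names; the old scheme is the reply's own `md5(pass)` assumption, and the per-user value the reply calls "hash" is named `salt` here.

```python
import hashlib
import hmac
import secrets


def md5_hex(text: str) -> str:
    """Hex MD5 digest of a string, like PHP's md5()."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def legacy_hash(password: str) -> str:
    # Assumed old-forum scheme, taken from the reply: md5(pass)
    return md5_hex(password)


def new_hash(salt: str, password: str) -> str:
    # Scheme quoted in the reply: md5(md5(salt).md5(pass))
    return md5_hex(md5_hex(salt) + md5_hex(password))


def login(user: dict, password: str) -> bool:
    """Verify a login; convert the stored hash on the first successful one."""
    if user["converted"]:
        expected = new_hash(user["salt"], password)
        return hmac.compare_digest(user["password"], expected)

    # Not converted yet: the stored value is still the old forum's hash,
    # so check the submitted password the way the old software did.
    if not hmac.compare_digest(user["password"], legacy_hash(password)):
        return False  # wrong password: leave the record untouched

    # The plaintext is only available at this moment, so re-hash it now
    # with a fresh per-user salt and mark the account as converted.
    salt = secrets.token_hex(4)
    user.update(salt=salt, password=new_hash(salt, password), converted=True)
    return True


def make_legacy_user(password: str) -> dict:
    """Constructed sample row, as it would look right after the merge."""
    return {"password": legacy_hash(password), "salt": "", "converted": False}
```

The old hash is never reversed: accounts that never log in again keep their legacy hash until the owner next signs in.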