I am developing a plugin that bridges MyBB with another third party software. When the plugin is installed, it adds new users to the third party database so they can log in (and have their preferences saved there). I need to add passwords, but from what I can see, MyBB encrypts passwords and that's it.
Can someone please shed some light on getting those raw passwords or have a different solution?
If you take a look at inc/functions_user file, it validates the input password hash against the hash stored in db, so the plaint text password is not released:
if(salt_password(md5($password), $user['salt']) == $user['password'])
{
return $user; //This validates
}
So you can use MyBB integrator or write some sort of own script easily to verify.
The only way to do this will be at login time, you can insert the password from the login box with whatever encryption and salting that you want. Or you can write your plugin to do the same salting and encryption test
You can do something like what the Merge System does (I think); you update the password each time a user login to the forum, you only do this once for each already registered user. For new registrations you do it upon registration, also you will need to hook at any place where the password might get changed/updated.
(2012-10-29, 11:35 PM)Omar G. Wrote: [ -> ]You can do something like what the Merge System does (I think); you update the password each time a user login to the forum, you only do this once for each already registered user. For new registrations you do it upon registration, also you will need to hook at any place where the password might get changed/updated.
That'd be the optimal solution.
For now I can connect directly to the forum database, return the encrypted the password and check if they match. It's working for now, but I'd really like to bridge the gap, but then be able to work independently if need be.
Thank you for your input everyone.
