MyBB Community Forums

I'm not sure if this is the right place to ask, but I want to know what will be basic requirements for MyBB 1.8 ?
I mean... especially PHP version!
Thank you.

PHP 5.2

Thank you, StefanT, for your quick reply.
One more question, please: what kind of hashing algorithm will use MyBB 1.8 for passwords? I'm just curious. I tried to dig in code (1.8 alpha) but... I'm not too advanced in coding.
Its MD5? SHA1?
It's possible that MyBB 2.0 to use PHP version 5.5 integrated password hashing function?

L.E.: I see in 'functions.php' that is used MD5 to generate a unique code for POST request (and prevent XSS/CSRF attacks):

function generate_post_check()
{
	global $mybb, $session;
	if($mybb->user['uid'])
	{
		return md5($mybb->user['loginkey'].$mybb->user['salt'].$mybb->user['regdate']);
	}
	// Guests get a special string
	else
	{
		return md5($session->useragent.$mybb->config['database']['username'].$mybb->settings['internal']['encryption_key']);
	}
}

But for passwords? I just try to understand what hashing algorithm will use MyBB 1.8 or... 2.0 for passwords...
Thank's.

The hashing algorithm hasn't been changed as PHP 5.2 doesn't support BCrypt.

Oh, I see... ok. Indeed, PHP 5.2 doesn't support BCrypt. I think... the minimum version required is PHP 5.3.7 (with additional library or something)...

(2012-06-06, 12:51 AM)Nathan Malcolm Wrote: [ -> ]We wouldn't change the password hashing system in a minor release. Nothing has changed.

Eh, maybe will be used by MyBB 2.0... A MAJOR RELEASE!
Thank you for answers and a good day.

L.E.: Increasing Password Hash security - this topic was last year. Maybe... just maybe... current hash method will be changed in MyBB 2.0. At least, this is what I hope to happen.

Was hoping for better password encryption, as the whole password cracking is getting ridiculous.

It will no doubt be rewritten in 2.0 though as you quoted, it won't change in 1.8, that's unreasonable. If you're adamant for changing the method, and you've not got an open forum, you could rewrite the hashing algorithm before you register users (though that means YOUR password would also need to be rehashed). But the current system is tried and true.

(2013-11-13, 07:41 AM)Seabody Wrote: [ -> ]though that means YOUR password would also need to be rehashed

...the reason is because, when MyBB (1.6x or 1.8) is installed for the first time, MY (superadmin) password is hashed with the current method, right?

Anyway, I don't want to change core files so... no. I really think that is more safe to keep current method... Like you said: "the current system is tried and true.".

I was just curious about what version of php will be used by 2.0 and if will have another password encryption method.

Thank you.

Unless there's a major change, 2.0 will almost certainly use BCrypt.

(2013-11-12, 09:30 AM)Flavius Popa Wrote: [ -> ]I'm not sure if this is the right place to ask, but I want to know what will be basic requirements for MyBB 1.8 ?
I mean... especially PHP version!
Thank you.

You can check out this page.