MyBB Community Forums

Hi,

i'm running another script which requires user authentication and has a seperate user table. In order to avoid to seperate registration, I want to make a synchronisation script.

Therefore I need a MD5 Hash of each user's password. But it seems myBB stores no MD5 hases in the database. Is there any possibilty to get this hash without altering the myBB Code?

If not: How can a check if an entered password ist correct?

It works like this:

salt generated from random 8 character string.

md5(md5(salt).password)

And then for the login key, we generate a completely separate 50 character string, that's only set in a cookie once the user has validated their account by logging in.

Uhm, does it really use md5(md5(salt).password) ?

I tried it this way:

function mybb_user_password_check($u, $pwd)
{
	$d[salt] = mybb_user_data($u, 'salt');
	$d[pwd] = mybb_user_data($u, 'password');
	
	$p = md5(md5($d[salt]).$pwd);
	
	if($p == $d[pwd]) {
		return true;
	}
	else {
		return false;
	}
}

$pwd ist correct,
$d[salt] und $d[pwd] also return the correct data stored in the database.

Anyone knowing what's gone wrong?

actually it does use md5(md5(salt).password) - In case you didn't notice the password being passed into the function was already md5'ed so on your function you would use md5(md5(salt).md5(password)) if you weren't going to pass the password already as a md5.

Problem solved, thanks!