2007-07-07, 01:23 AM
I recently converted from PunBB to MyBB, but I didn't have MyBB reset the passwords. Instead, I modified MyBB's validate_password_from_username function to accept older passwords, and then convert them to the md5 hashed equivalent. I added this code just after $user = db->fetch_array($query); on line 54 of functions_user.php.
This seems to be causing problems where I can't logout. It's really working fine, except for the fact that the session ID is.. incorrect?
I hope someone has an idea.. do I need to update the loginkey when the password is changed?? :\
Clint
//*** start punnbb to mybb password converter ***
//lets just make sure the user exists
if ($user['uid'])
{
//the user exists, we have their info in $user
//we have the password in $password, punbb uses sha1
//but its truncated to 32 chars
//matches whats in the db, then its from punbb
//my version of mybb is dumb, it doesn't use salts
//so update the password to md5, which is what was passed to the function
if (substr(sha1($password),0,32) == substr($user['password'],0,32))
{
//take the subbed pass and put a md5 encryption on it and insert it into the database
$sql = "UPDATE ".TABLE_PREFIX."_users SET password = '".$password."' WHERE uid = '".$user['uid']."'";
if (@mysql_query($sql)) { /* it was updated, now its md5 */ }
else { echo("Password Error: " . mysql_error() . "<br>Please contact your board admin immediately."); }
}
}
//*** end punnbb to mybb password converter ***
This seems to be causing problems where I can't logout. It's really working fine, except for the fact that the session ID is.. incorrect?
I hope someone has an idea.. do I need to update the loginkey when the password is changed?? :\
Clint
