MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > How to encrpt the password ?
Full Version: How to encrpt the password ?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

shanthi

2008-06-03, 06:45 AM
Hi,

I want to know that how the passwords are encrpted?.I want to encrpt as my own.Is there any possibities to change?
Please send me the solution asap.

Thank you.

BMR777

2008-06-03, 01:32 PM
You can call functions in MyBB if you want to encrypt the password from somewhere else. So, for a PHP file you would have something like:

<?php
include 'inc/functions_user.php';
include 'inc/functions.php';

//Get your data from a form, then sanatize

$uname = $_POST['uname']; //Username
//Protects your server from hackers
$uname = preg_replace("/[^a-zA-Z0-9s]/", "", $uname);

$pw = $_POST['pw']; //User's Password
//Protects your server from hackers
$pw = preg_replace("/[^a-zA-Z0-9s]/", "", $pw);  

//Make a new password and salt

$salt = random_str();
$loginkey = generate_loginkey();
$saltedpw = md5(md5($salt).md5($pw));

?>

This file takes in a username and password, then makes the password compatible with MyBB 1.2.X in the $saltedpw variable. This code should also work for MyBB 1.4. Notice at the top the INCLUDE statements, change the filepaths to the locations of those two MyBB files on your server. You can modify this script then to insert the users into the database with a SQL query if you like, then they should work inside of MyBB.

BMR777

dikidera

2008-06-03, 01:39 PM
Salt is good..with fried potatoes
Ok seriously now! What do you need to know for if it is not a secret?

Dennis Tsang

2008-06-04, 03:23 AM
BMR777 Wrote:You can call functions in MyBB if you want to encrypt the password from somewhere else. So, for a PHP file you would have something like:

<?php
include 'inc/functions_user.php';
include 'inc/functions.php';

//Get your data from a form, then sanatize

$uname = $_POST['uname']; //Username
//Protects your server from hackers
$uname = preg_replace("/[^a-zA-Z0-9s]/", "", $uname);

$pw = $_POST['pw']; //User's Password
//Protects your server from hackers
$pw = preg_replace("/[^a-zA-Z0-9s]/", "", $pw);  

//Make a new password and salt

$salt = random_str();
$loginkey = generate_loginkey();
$saltedpw = md5(md5($salt).md5($pw));

?>

This file takes in a username and password, then makes the password compatible with MyBB 1.2.X in the $saltedpw variable. This code should also work for MyBB 1.4. Notice at the top the INCLUDE statements, change the filepaths to the locations of those two MyBB files on your server. You can modify this script then to insert the users into the database with a SQL query if you like, then they should work inside of MyBB.

BMR777


That is incorrect for existing users, as you need to use the existing salt, not generate a new one.

The correct algorithm goes as follows:
1) Get username and password from a form
2) Select the user from the database based on the username
3) Use the salt from the database entry, and hash the password as follows:
md5(md5($salt_from_database).md5($username_from_form));
4) Check the hashed password in #3 to the password stored in the database.

I'll leave it to you to convert that to PHP, but I'll refer you to the validate_password_from_username() and validate_password_from_uid() functions as a reference.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > How to encrpt the password ?