Bcrypt

by kloddant 3 Stars 273 Downloads

Upgrades the login system by storing hashes using bcrypt instead of md5.

Project Details

Upgrades the login system by storing password hashes using bcrypt instead of md5 and by not rehashing the password every time a user makes a failed login attempt.  Also makes login backwards-compatible with unsalted md5 login setups such that, if the salt field of the database is blank, the software will accept the md5 password hash.  This plugin is backwards-compatible with MyBB md5 password hashing and will not rehash values in the database until the user changes their password.  The use of hooks for this functionality was not possible, so this plugin modifies files on activation and creates backups.  On deactivation, it restores the file from the oldest backup it has.  

This plugin explicitly sets the usergroup of the user to the primary usergroup on activation, so newly registered users will always have their initial display group set to "Awaiting Activation" when this plugin is installed.

Warning
Once the passwords are hashed using Bcrypt, they cannot be unhashed obviously, so even though this plugin can be "turned off", its changes cannot be reversed unless you have a backup database.  Use this at your own risk, especially since it is still in development.  Make sure to make a backup database prior to installation.

Requirements
  • MyBB 1.8.7-1.8.8
  • php >= 5.5.0

Upgrading:
Any time you upgrade your MyBB version, this plugin has a potential to break.  Uninstall before upgrading, and then reinstall after.  The latest version it has been tested for is 1.8.8.

Alternatives:
Modifications:
This plugin modifies 3 files on the filesystem.  Modificatons to these files will be overwritten by upgrades to MyBB, so be sure to uninstall before upgrading and then reinstall.  
  • /inc/datahandlers/user.php
  • /inc/datahandlers/login.php
  • /inc/functions_user.php

Deprecation:
Since version 1.8.11, Devilshakerz incorporated a hook into MyBB that allows for this functionality without having to modify the filesystem, so from 1.8.11 forward, that is what I recommend using. https://github.com/Devilshakerz/mybb-dvzHash.
Author
kloddant
Collaborators
None
Version
1.0
Submitted
10-25-2016, 10:28 PM
Last Updated
03-24-2017, 01:28 AM
Bug Tracking
Open
MyBB Versions
1.8.x