How can I generate a vBulletin password salt for the md5 hash while importing user data?

10,426

Solution 1

I don't know if this answer is too late, but you should be able to automatically transfer your passwords into vBulletin.

vBulletin generates its hashes this way:

$hash = md5(md5($plaintext) . $salt);

So, to transfer the users over, do roughly the following:

$salt = /* generate salt */;
$vb_hash = md5($your_old_hash . $salt);

To make it easy on yourself, use vBulletin's salt generation method. It's in the vB_DataManager_User class.

Solution 2

If your old system used unsalted hashes, and vBulletin uses salted ones, then if you want users to keep their passwords you will have to modify vBulletin to use unsalted ones too. I'm not familiar with the vBulletin code, but if each user has their own salt value, perhaps just setting this to an empty string will suffice.

Failing that, write a page to enable a user to transition to the new system. You can direct users to a page when their login fails, and it would check their credentials against the old system, and create a new salt and hash for the new system.

Share:
10,426
Tom
Author by

Tom

Studying Computer Science at The University of Edinburgh

Updated on June 04, 2022

Comments

  • Tom
    Tom over 1 year

    I'm transferring users from my old database to a vBulletin database.

    I want a script to do this as it'll take forever otherwise.

    I have all the user's passwords stored just like md5(password)

    But of course, this doesn't work with vBulletin due to salts etc.

    So my code is this:

    <?Php
    mydatabase_connect();
    $select=mysql_query("SELECT * from `users`");
    while($user=mysql_fetch_array($select)) {
    
        forum_connect();
        $check=mysql_query("SELECT * from `user` where `username` = '{$user[username]}'");
        if(mysql_num_rows($check)>="1") {
            echo "fail";
            }else{
            $insert=mysql_query("INSERT into `user` SET `username` = '{$user[username]}', `password` = '{$user[password]}', `email` = '{$user[email]}'");
            if($insert) {
                echo 'success';
                }else{
                echo 'fail';
            }
        }
        mydatabase_connect();
    }
    ?>
    

    How would I change it to work with vBulletin - so I can set a vBulletin user.password field and vBulletin user.salt correctly. Bearing in mind that my $user[password] or users.password is stored as an md5 hash of their real, text password.

    Thanks!