Hi guys ;)
We have a 1300+ users forum based on phpBB, and we would like to convert it to SMF.
I have tried doing it locally yesterday, but I can't login to SMF after conversion with my password. From what I see in the database, passwords haven't changed. What do I have to do? Do I have to change maybe pawwsord field type or something?
I was fascinated when I installed SMF, but I need to make passwords work automatically because I'll have a riot on forum LOL
Any hints?
Quote from: SupaDucta on March 03, 2005, 07:48:59 AM
I have tried doing it locally yesterday, but I can't login to SMF after conversion with my password. From what I see in the database, passwords haven't changed. What do I have to do? Do I have to change maybe pawwsord field type or something?
Are you using a modified phpBB, at all? By default, phpBB only md5's the password - which SMF can automatically and seamlessly handle. If it's not working, I would guess the passwords were stored differently or elsewhere.
-[Unknown]
It is modified with some additional tables and mods, but users table is untouched, and passwords are stored as they are by default.
Strangely, looking at password hashes in relevant phpBB and SMF tables - they are identical.
Let me try doing it again from the beginning to a fresh SMF install, see what happens...
Well, for example, in phpBB, if you used "test", you'd get:
098f6bcd4621d373cade4e832627b4f6
However, SMF does it differently. In SMF, It's additionally hashed with the username so it's member specific, among other things. So, when you try to log in, the password *IS* wrong. The trick is, it notices that it is right using phpBB's hashing, and so it lets it through and fixes the situation.
SMF 1.1 will actually have cleaner support for this, and more secure as well. Regardless, as long as the passwords are using just plain md5, it should be fine.
-[Unknown]
Hm, I'll try again then... see what happens... thanks ;)
Tried again, same again. I am using (as an admin) the same u/p on both forums. Converted to SMF, couldn't login.
As far as I can see, the password field in phpBB forum is as it should be by default.
I will try to upload fresh install of SMF to our server and try to migrate there, just in case my local Windows mySQL produces a problem, but to be honest I don't understand. Obviously no one else reported this problem...
Quote from: SupaDucta on March 06, 2005, 01:28:24 PM
I will try to upload fresh install of SMF to our server and try to migrate there, just in case my local Windows mySQL produces a problem, but to be honest I don't understand. Obviously no one else reported this problem...
Well, what happens if you run this query?
SELECT MD5('yourpassword');
What is phpMyAdmin? (http://www.simplemachines.org/community/index.php?topic=21919.0) Do you get your password field in phpBB?
-[Unknown]
Quote from: [Unknown] on March 06, 2005, 06:42:22 PM
Well, what happens if you run this query?
SELECT MD5('yourpassword');
I get a completely different hash than it is in my user entry in the database. The problem is I have inherited this forum from a friend who doesn't want to admin it anymore, and he obiously strenghtened the default encryption.
Thanks unknown, you have helped me pinpoint the issue, so it (as I did suspect actually after seeing no one reported such a problem) is not SMF related.
I just have to find this guy again, contact him and ask him what exactly did he do with passwords, or migrate a forum anyway and tell users to reset passes.
Thanks, and my apologies for taking your time.
BTW. I am absolutely in love with SMF. It is more than double faster than phpBB with the same number of users/posts/threads. That code parses like a lightning ;)
OK, figure dout the phpBB way.
Instead of default md5, our user passes are stored using md5(md5($password . "SOMEWORD"));
Can someone be kind and advise me on how to proceed here?
What are my choices? I can revert back to default md5 for phpBB and migrate it.
Is there a way (and how practical would it be) to leave it and use it in SMF?
Thanks ;)
what do you mean by "SOMEWORD" :P if you can explain, i might be able to help you
This is our phpBB user password encryption: md5(md5($password . "SOMEWORD"));
where SOMEWORD is one particular word we use.
You could add that to Sources/LogInOut.php as one of the encryption upgrade paths.
-[Unknown]
so find this in Sources/LogInOut.php:
// Old style encryption... now's the only time to fix it.
if ($user_settings['passwd'] == crypt($_REQUEST['passwrd'], substr($_REQUEST['passwrd'], 0, 2)) || $user_settings['passwd'] == md5($_REQUEST['passwrd']))
{
updateMemberData($user_settings['ID_MEMBER'], array('passwd' => '\'' . $md5_passwrd . '\''));
$user_settings['passwd'] = $md5_passwrd;
}
add this directly after:
// SupaDucta phpBB...
elseif ($user_settings['passwd'] == md5(md5($_REQUEST['passwrd'] . 'SOMEWORD')))
{
updateMemberData($user_settings['ID_MEMBER'], array('passwd' => '\'' . $md5_passwrd . '\''));
$user_settings['passwd'] = $md5_passwrd;
}
then just run the conversion normally...this will allow users with the SOMEWORD password to login, then as they do it will automatically convert it to SMF 1.0 style..
Thanks Kirby, I'll try that.
Will post here on results.
;)
Kirby... works like a charm! YAHOOOOOOOOOOOOOOOOOOOOOOOOO!
Thanks A LOT ;)
no problem :)