After a successful convertion from
phpBB 3.0.11 to
smf 2.0.4 I cant solve the password problem. As I know from this topic (http://www.simplemachines.org/community/index.php?topic=218449.0) phpBB has his own custom password hash so I have to edit the '
LogInOut.php' from the SMF folder '
Sources' to add support for password conversion
before I run the convert.php. I take a look to the file. I have to edit this:
// Snitz style - SHA-256. Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway.
if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256'))
$other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_REQUEST['passwrd']));and add after this:
// phpBB3 users new hashing.
$other_passwords[] = phpBB3_password_check($_REQUEST['passwrd'], $user_settings['passwd']);The second edit I have to do, is before this:
?>add this:
function phpBB3_password_check($passwd, $passwd_hash)
{
// Too long or too short?
if (strlen($passwd_hash) != 34)
return;
// Range of characters allowed.
$range = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
// Tests
$strpos = strpos($range, $passwd_hash[3]);
$count = 1 << $strpos;
$count2 = $count;
$salt = substr($passwd_hash, 4, 8);
// Things are done differently for PHP 5.
if (@version_compare(PHP_VERSION, '5') == 1)
{
$hash = md5($salt . $passwd, true);
for (; $count != 0; --$count)
$hash = md5($hash . $passwd, true);;
}
else
{
$hash = pack('H*', md5($salt . $passwd));
for (; $count != 0; --$count)
$hash = pack('H*', md5($hash . $passwd));
}
$output = substr($passwd_hash, 0, 12);
$i = 0;
while ($i < 16)
{
$value = ord($hash[$i++]);
$output .= $range[$value & 0x3f];
if ($i < 16)
$value |= ord($hash[$i]) << 8;
$output .= $range[($value >> 6) & 0x3f];
if ($i++ >= 16)
break;
if ($i < 16)
$value |= ord($hash[$i]) << 16;
$output .= $range[($value >> 12) & 0x3f];
if ($i++ >= 16)
break;
$output .= $range[($value >> 18) & 0x3f];
}
// Return now.
return $output;
}But on the file 'LogInOut.php' the second edit
already exist! And by the time I try to add the mod 'phpBB3_Login_Fix.tgz' I get this error:
QuoteInstallations actions for "phpBB3_Login_Fix"
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.
can pls someone help me out ??
nice! the convertor it self is for smf 2.x and the login fix is for smf 1.x ? this really make sence! I hardly try to convert my forum to smf. I search the forum and i try this:
http://www.simplemachines.org/community/index.php?topic=218449.msg1394382#msg1394382
http://www.simplemachines.org/community/index.php?topic=403022.msg2803486#msg2803486
http://www.simplemachines.org/community/index.php?topic=497029.msg3486836#msg3486836
as a result I always see this massage when i try to login with admin or normal user:
QuotePassword security has recently been upgraded. Please enter your password again.
Is somebody here from smf ?! ?! ?! ?! ?!
Quote from: Πάνο on May 30, 2013, 10:29:10 AM
QuotePassword security has recently been upgraded. Please enter your password again.
And did you enter your password again?
:laugh:
First of all I wanna thank you for taking a look. My phpBB board is located in domain.com/forum and SMF is located in domain.com/community in the same server the same database running on php ver. 5.3.20. I install the SMF forum and I modify the 'LogInOut.php' as I discribe. After I run the convert.php everythink seems to work like a charm, but than I try to login as an Admin into my new converted smf forum.
First login:
QuotePassword security has recently been upgraded. Please enter your password again.
Second login:
QuotePassword incorrect
On the third login:
I login succesfull but I lost my Admin rights
Is there
NO WAY no convert the passwords as well? I mean I can get my Admin rights back, but what happen to my user? All of them have to get a new pass from mailing system. I dont wanna do this with my users.
I just did a conversion of a forum I have handy and the password works just fine. The groups are lost.
Which converter did you use?
The one from the download page?
Quote from: Πάνο on June 01, 2013, 09:26:03 AM
Is there NO WAY no convert the passwords as well? I mean I can get my Admin rights back, but what happen to my user? All of them have to get a new pass from mailing system. I dont wanna do this with my users.
Well, in general terms, no.
The password *cannot* be converted because is encrypted and nobody knows it apart the user that sets it.
What SMF in certain cases does is to detect if the password used is encrypted in a way that is compatible with other software and in that case it asks the user to re-enter the password in order to re-encrypt it the way SMF wants.
This is the most safe way to handle things (and 2.1 from the point of view is even a bit more strict because that "compatibility mode" is not on by default, but it must be enabled).
Thank you again for the quik reply. I use the intruductions from this (http://www.simplemachines.org/community/index.php?topic=218449.msg1394352#msg1394352) topic. By the way there is a "does convert" and "does not convert" list.
Then I try this converter (http://download.simplemachines.org/?converters;software=phpbb) from the SMF downloads.
I keep searching in the SMF community for users with similar problem like mine. So I tried this 3 ways too to edit the LogInOut.php file to make the passwords get converted too: 1st topic (http://www.simplemachines.org/community/index.php?topic=218449.msg1394382#msg1394382) 2nd topic (http://www.simplemachines.org/community/index.php?topic=403022.msg2803486#msg2803486) 3rd topic (http://www.simplemachines.org/community/index.php?topic=497029.msg3486836#msg3486836)
I can handle the smf board and re-enter all settings, permissions, groups etc but this password problem? I dont want to confuse my users
On the Greek Support Forum (http://www.simplemachines.org/community/index.php?topic=500866.msg3552877#msg3552877) - thank God - Agridoc (http://www.simplemachines.org/community/index.php?action=profile;u=12503) had a smart idea for me. He found the convertor for smf 1.x in the archieved files, so I upload the smf 1.1.18 core files to my server, install the smf board and the loginfix mod (http://www.simplemachines.org/community/index.php?topic=218449.msg1394352#msg1394352) too and continiue with the convertion with succes.
After this, I and the users from my new board had no problems to login. I just have to re-enter some settings, permissions, groups etc!
I m very happy! my domain zitani.gr is using again smf as software system! I wanna thank u for ur support too dude! ;D
Well, the 1st topic you linked is the 1.1.x converter, the one from download page is for 2.0 (and the one I used without any issue). But as usual the most complex solution is always the first that looks easy... oh well, whatever.
emanuele thank you for replying here,
I have no experience with phpbb conversion but I searched for, Πάνο had done a thorough search and tests. His problem was password conversion, there are quite some messages without solution about this. It's true that passwords are many times lost with conversions but
- Jay Bachatero had written a script phpBB3_Login_Fix (http://www.simplemachines.org/community/index.php?topic=218449.msg1394352#msg1394352) in the form of mod that had to be run BEFORE conversion. Unfortunately this could not be run and tested as it was made for 1.1.x, not updated for 2.0
So i suggested to try a conversion to 1.1.18 first, with the older converter, so the script could be used before.
As Πάνο reports the result was successful.
In a large forum keeping the passwords will make all admins happy.
I believe that, from SMF's part, a rewrite of the script for SMF 2.0 and addition (not replace) in the would help a lot.
Welcome back to SMF Πάνο ;)