trying to convert from yabb2.1 , now can't log in as admin

Started by rkleemann, September 24, 2008, 12:23:03 PM

Previous topic - Next topic

SleePy

Well, we can try this.
Go edit your account in the database. Change the password field to just be a plain text password.
See if SMF can recognize this and log you in. I wonder if there may be a issue with your SMF install not wanting to let you login because it can't detect the password right.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

rkleemann

Exact same problem with the cleartext pwd.

What's most strange to me is that it doesn't even output any error.

I think I'll try to add some debug to LogInOut.php and see what happens.

rkleemann

Any more clues on this?

I don't know why the login doesn't work, but I have 981 members and need to try to make this work...

Thanks
Ricardo

SleePy

Did you debug login like you said?

I had the same issue locally, but this was due to a weird install of php I had where the md5 function was causing issues.
After I commented out the md5 compatibility functions in LogInOut.php I was able to login.

We can try that here if you want?
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

rkleemann

Quote from: SleePy on October 02, 2008, 06:35:41 PM
Did you debug login like you said?

I had the same issue locally, but this was due to a weird install of php I had where the md5 function was causing issues.
After I commented out the md5 compatibility functions in LogInOut.php I was able to login.

We can try that here if you want?

Thanks SleePy. I haven't had a chance to try it out again. I do know that I re-converted the members with your script even after changing the md5, and that still didn't work... so I don't know what could be wrong.

SleePy

Try this LogInOut.php
I commented out almost all md5 functions.

If this doesn't work, we can add some debug code in the login file to see where things are going wrong.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

rkleemann

Quote from: SleePy on October 03, 2008, 02:26:18 PM
Try this LogInOut.php
I commented out almost all md5 functions.

If this doesn't work, we can add some debug code in the login file to see where things are going wrong.

Hi SleePy,

Here's what I did. I emptied the smf_members table and re-ran the yabb21-members_to_smf.php script which you provided a few days ago.

One strange thing about that script is that it quickly converts the users (I can see in mysql), but it actually doesn't finish, it keeps on going (doing I don't know what), it doesn't output any status and I have to click the stop button on the browser.

Anyway, after inserting the users (smf_members now has correct 981 entries), I try login with the LogInOut.php you provided. Now what I get is Password Incorrect for any member I try.

The format of the password in the table is like "5280e84f8be43fcbc874a94aa5899d2a"

SleePy

Well that is a hashed password. Do they look like that befor they go to smf? Meaning are they hashed like that in the yabbs user files?
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

rkleemann

Quote from: SleePy on October 05, 2008, 01:21:06 PM
Well that is a hashed password. Do they look like that befor they go to smf? Meaning are they hashed like that in the yabbs user files?

Hi,

Ok, here's the pwd in the vars file of yabb2.1:
I2rslD5dyn7O29ye51i2CA

and in mysql for SMF:
236aec943e5dca7ecedbdc9ee758b608

So looks to me like the script is still hashing the original password

rkleemann

Quote from: rkleemann on October 05, 2008, 04:01:55 PM
Quote from: SleePy on October 05, 2008, 01:21:06 PM
Well that is a hashed password. Do they look like that befor they go to smf? Meaning are they hashed like that in the yabbs user files?

Hi,

Ok, here's the pwd in the vars file of yabb2.1:
I2rslD5dyn7O29ye51i2CA

and in mysql for SMF:
236aec943e5dca7ecedbdc9ee758b608

So looks to me like the script is still hashing the original password

Any more clues on this?

SleePy

Try the one I posted in the above post. It shouldn't be converting the password at all.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

rkleemann

Quote from: SleePy on October 07, 2008, 12:26:54 PM
Try the one I posted in the above post. It shouldn't be converting the password at all.

I'll give it a try... but that one doesn't only convert members, it's the whole conversion, right?

rkleemann

Ok,

I used the latest script you provided.

Now the passwords are no longer hashed, but I still get incorrect password. So I'm guessing SMF is not able to match yabb 2.1 passwords.

Also, I'm having another problem now... I changed the server's IP, and my original SMF install, as I was testing locally, actually configured an IP for the URL.

Now I can't seem to get SMF to properly use the new hostname. I changed the Settings.php with the new board_url. That didn't do it. So I searched around the database and see that the IP is still referenced in the smf_smileys table. But still that didn't fix everything.

The style sheet is still referencing the old url. Isn't there one single place where the url can be changed? I have to do this manually

ThorstenE

How do I move my SMF board to a different host? should help you .. you need the repair_settings.php and then fix all pathes for themes etc.

rkleemann

Quote from: TE on October 08, 2008, 01:49:44 AM
How do I move my SMF board to a different host? should help you .. you need the repair_settings.php and then fix all pathes for themes etc.

Great! thanks, the repair_settings.php worked great.

Now I just need to be able to login!  ;)

SleePy, like I said in the previous reply, now the password is no longer hashed, but SMF won't work with the original yabb21 password.  :(

SleePy

Alright,

I will need to look around I guess and figure out how the passwords are being handled then in Yabb now

Edit,
I assume you know what your login password is and the hashed version of it in Yabb?
I can run some tests here to see if I have figured out the password hashing method. I think they are using a md5 then a base64 encoding hash method. Kinda hard to tell because its perl, but I have seen enough of perl to pick up the basics and know the simple stuff it is doing.

Only way to tell would be for us to try to encode it that way.

These where files I was going to have you run. Just replace the password with your regular password and run it on a server. It should generate the hashed version.

<?php echo base64(md5("password")); ?>



<?php echo md5(base64("password")); ?>
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

rkleemann

Quote from: SleePy on October 09, 2008, 11:43:14 AM
Alright,

I will need to look around I guess and figure out how the passwords are being handled then in Yabb now

Edit,
I assume you know what your login password is and the hashed version of it in Yabb?
I can run some tests here to see if I have figured out the password hashing method. I think they are using a md5 then a base64 encoding hash method. Kinda hard to tell because its perl, but I have seen enough of perl to pick up the basics and know the simple stuff it is doing.

Only way to tell would be for us to try to encode it that way.

These where files I was going to have you run. Just replace the password with your regular password and run it on a server. It should generate the hashed version.

<?php echo base64(md5("password")); ?>



<?php echo md5(base64("password")); ?>


I'm confused... has this conversion ever worked before?

I'm looking at the YaBB2.1 code and they use md5_base64 from Digest::MD5.

I tried both lines of code you suggested and neither of those 2 produced something equivalent to my yabb21 password.

taking the text of my password,

md5_base64 returns I2rslD5dyn7O29ye51i2CA

base64_encode(md5()) returns MjM2YWVjOTQzZTVkY2E3ZWNlZGJkYzllZTc1OGI2MDg=

I even tried php's md5 and base64_encode by themselves and none produced the perl result I2rslD5dyn7O29ye51i2CA

md5(base64_encode()) returns 823da3bb402c17d9dda3ba0e72e0306e

SleePy

Well it has worked before. But I don't think much testing was done on encrypted passwords. One of the problem with Yabb is it is all flat file. So we have to use some methods such as exploding each line by a | to seperate the data out. Then we basically have to count off each and use that as the index for which part of the array contains what. So if they keep changing that on us along with other methods, it keeps us having to work and figure it out. With the possibilities that upgrading Yabb did not change the format that they used. So we could be working with 2 or 3 different keys just to try and find something such as a password :(
The user file isn't that mean though, it has a key setup with a name. So that does help :) but not when they have different formats for us to try and play with to match.

Well that is a pain because its not returning the right encoded length.
I was asking Jay about this and he pointed out this document:
http://www.devdaily.com/scw/perl/perl-5.8.5/ext/Digest/MD5/MD5.pm.shtml

The start of the string isn't even similar even though I didn't shorten the length to 22 yet.

Are you able to pm me the plain password or generate what the yabb encoded password would be for something simple like "password"?
I will try when I get home to play with some of the hashing methods to see if I can't get the same result. Which is the issue we need to solve before we can go and alter the LogInOut.php file and have it "learn" this new hashing method.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

SleePy

I wonder.
What does this produce?

<?php echo bin2hex(base64_decode("password")); ?>


Don't forget you need to change password to be your password for these snippets.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

rkleemann

So, using the word "password" here are the results:

base64_encode(md5("password")) = NWY0ZGNjM2I1YWE3NjVkNjFkODMyN2RlYjg4MmNmOTk=


md5(base64_encode("password")) = 0b8b946432f1ac91f0b07bd5f8df6587


perl md5_base64("password") = X03MO1qnZdYdgyfeuILPmQ

Advertisement: