MyBB intergration

[exdiogene]

I would think that it would be easier to edit the Adoptables script as MyBB has a lot more files depending on the integrety of the member.php

[Arianna]

Yes, you do have a point. :)
However, it does set default values on stuff like that, I think. And another thing - banning might be a problem. xP
And yet another thing - I looked at the passwords on both things, and they are encoded differently. xP[hr]
Another thing, though - I think registering on the forum is more important for my needs. xP

[exdiogene]

I tohught they were both MD5 encoded?

[Arianna]

Maybe one is different. If I use a test password - 'password' the MD5 is '5f4dcc3b5aa765d61d8327deb882cf99' right? I'll edit and see what happens. :)
By the way, do you know what 'salt' is in the mybb table?[hr]
This is what I have, straight from phpmyadmin. This is the password encoding.
adopts_users: 5f4dcc3b5aa765d61d8327deb882cf99
mybb_users: 7370faafe822e685d2fe3e535f6fe78e

Certainly not the same...[hr]
The second one (mybb) doesn't fit, look.
Password | | | password
Crypt Hash | | | 1$s7aoXaH7NEs
MD5 Hash | | | 5f4dcc3b5aa765d61d8327deb882cf99
SHA Hash | | | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
MD5 Salted Hash | | | 0fh3vXJhFAOnI

[exdiogene]

i tihnk MyBB uses salt and hash, i have asked how to intergrate on the MyBB forum and nobody has replied.[hr]
It seems that (when you change the table it gets the name and pass from) it only has trouble decoding the pass. Any ideas anyone? Sea? Brandon?[hr]
MyBB Salt is the way it encodes the pass to make it more secure, anyone know how to use salts in the adoptables script?

[Arianna]

I asked too - I hope they answer.
I don't know how to use salts in the adoptables script, sadly. It uses another column in the table - that's about all i know.

[exdiogene]

well salts are just used ot make the bruteforcing of passwords a longer process, it simply takes the pass and adds the salt on the end, then converts it to MD5 (i think)

For example:

You have a password = "password" which has a MD5 hash of "5f4dcc3b5aa765d61d8327deb882cf99"
but if you add a salt = "eth7"
the string becomes = "passwordeth7"
which makes the MD5 = "804462e52e923941708106a10c6fb416"
So, unless the hacker has the correct salt in their dicitonary after the password then the time taken to crack is considerably longer.[hr]
I think it should be something like this, i know its not the right way round but...:

PHP Code:

$password = md5($password,$salt);

$query = "SELECT * FROM mybb_users WHERE username = '$username'";
$result = @mysql_query($query);
$num = @mysql_numrows($result);

//Loop out code
$i=0;
while ($i < 1) {

$luser=@mysql_result($result,$i,"username");
$lpass=@mysql_result($result,$i,"password,");
$lsalt=@mysql_result($result,$i,"salt,");

$i++;
}

if($username == $luser and $password == $lpass, $lsalt){
$article_title = "Login Successful!"; 


[Arianna]

I saw that it was something like
(md5(salt[$.password]))
Or the like. The problem is, it won't log in on both, I think.

[exdiogene]

Quote:

(md5(salt[$.password]))

On MyBB?

And yes sessions could be an issue. We could probably get it so the logins work on both.

So: in login.php

PHP Code:

$password = md5($password); 


should beocme:

PHP Code:

$password= md5(salt[$password])); 


Then the salt and pass need to be extracted form the database and matched to the string. Correct?

[Seapyramid]

Session cookies are the hardest part to set up. They are quite confusing as well. Your bridge has to incorporate a simple cookis session for Adopts & a complicated one for the forum & even the simple one gets complicated. http://www.w3schools.com/PHP/php_sessions.asp gives you some background but it takes time to actually figure it all out.

Sea