I need to import some users from an old forum to the user database.

I do know how to put the usernames, emails,... in the database but i need to know how to encrypt the passwords so these users can login!

right now i've got all the users without encryptet passwords, so is there a function i can use to write the passwords into the user table correctly?

i guess the funtion i'm looking for is somewhere inbb_func_regusr.php - but where??

thanx for your help, great forum!!

miniBB stores all passwords one-way encoded by MD5 algorithm. This is defined in a function writeUserPwd() of bb_cookie.php file.

I guess, mySQL has a built-in function for MD5.

thanks, just found the function myself :)

i just needed to fill in the passwords via

$encrypted_password = md5($password);

works fine!

cheers
t

In my database password is looking like: 5d45c58ea1ef37f17c2f885219215426
Can any one know how can I see what exactly the password is(in the format of string)?
Any tool how to convert this 5d45c58ea1ef37f17c2f885219215426 to String?

that's a cheat.. so it's not good you know your user passwords... ;)

Currently smtp server is not working because of some port is blocked. So currently email things is not working. If some one forgot his/her password I have to check the database and need to send the password manually. So the password is save in the database md5-hash format. Thats what I want to know how can decode the password.

Its will helpful if some one know how can I decode it :)

There is no way to decode MD5-hash back. Oh, may be there is a brute force method to hack it, but if the password is difficult to guess, it could take years :-)

I think, for your case, you just need initially to store passwords clear. Modify bb_cookie.php file - function writeUserPwd(). Where it says return md5($pwd); it should be just return $pwd;

However this will not work for older users. This must be set up initially as soon as you start the board and get new registrations.

I have one question. In miniBB is password saved as hash MD5. But i want in this shape mkd5(md5($pass).$nick) ... It is very dangerous when is saved as only hash. It is possible for change?
If you do not do this, please tell me where is login, registration, ... And i will change it.
Sorry for my english.

Look up in bb_cookie.php -> writeUserPwd() function.

It gets only clear password parameter from the other scripts, and returns encoded value.

I think it's fully enough to use just a more stronger encoding function, if you want so, replacing md5 there.

I'm not sure what mkd5 is about though.

"Dangerous" is not the proper word for that. Dangerous is to driving after drinking 0,5 l of vodka or loving a woman.

If we use md5 that only means somebody could steal your cookie where this value is stored, and spend about many years trying to decode it, I doubt it would be worth just for the forum. Forum software is not that thing where you must care about security.

If somebody is stealing your cookie, it's not the problem of miniBB furthermore. It's a problem more serious than you can imagine. Because forum cookie is kids thing. If they can steal a forum cookie, they could steal also more "serious" cookie.

But if you provide a not-easy-to-guess password, it's already the strong protection against stealing it, doesn't depending on hash :)

All MD5 hash is done so in only one function? So when I change the contents of function, everything will work?

Yes, that's the only change you should do. At least it's supposed to work :)
As far as I know it merely works if you replace md5 to sh1, for example.
Try it and let us know.

now i change function in bb_cookie.php to function writeUserPwd($pwd){
return sha1(md5($pwd).$pwd);
}
register is ok, but login is worst. password is not correct

So if you change to that function, you should keep in mind the length of the password field in users table of miniBB. Currently it's = 32 but I suppose it's not enough for SHA1 algorithm, it should have 40 symbols at least.

So you must upgrade this field's length to have 40 chars.