IPB 2.3.x to phpBB 3

Converting from other board software? Good decision! Need help? Have a question about a convertor? Wish to offer a convertor package? Post here.
Scam Warning
Locked
geewhzz
Registered User
Posts: 8
Joined: Sat May 24, 2008 6:17 am

Re: IPB 2.3.x to phpBB 3

Post by geewhzz »

Thanks for your reply, Dicky. I did do the conversion offline with EasyPHP and shut down most all computer processes when I did it. I did the manual "click to continue." For some reason when it was converting ibf_posts it stopped after about 70k and continues on with the rest of the conversion after ibf_posts. My forum has about 330k posts so obviously something isn't going right.

As for the passwords, I followed your steps EXACTLY. Before the conversion I installed phpbb3 into the same db as my ibf_ tables. I went into the ACP and changed the login to ipb. I then put the auth_ipb.php into the includes/auth/ folder and then did the conversion. When it was done I was not able to login at all with the two accounts I have on the board.

I also read a few posts up from your 1) and 2) steps that the tables have to be named if_ and be in the same db as phpbb3. I assume this is a typo and has to be ibf_members and ibf_members_converge?

Am I missing a step on working with the passwords? What exactly can I try to get the converter to do ALL the posts and not stop in the middle and advance to doing pms and such?

Another thing I've noticed, but do not know if I should be concerned with is when using the phpbb3 converter system, it shows:

Code: Select all

skip_rows = 4001:
    138 rows/s (2000 rows) |

skip_rows = 6001:
    132 rows/s (2000 rows) |
Then when it's done, it refreshes to another page and the next 2000 rows might be from skip_rows = 6897 to skip_rows = 8897. My question is it skipping from 6002 to 6896 or is this supposed to happen?

My next resort was to try and upgrade to ipb 2.3.x and then try the converter.

Again, thanks for the timely response and your continued support around here, Dicky, you've been really awesome to almost everyone on these forums.
User avatar
D¡cky
Former Team Member
Posts: 11812
Joined: Tue Jan 25, 2005 8:38 pm
Location: New Hampshire, USA
Name: Richard Foote
Contact:

Split from IPB 2.3.x to phpBB 3 topic -- spam

Post by D¡cky »

geewhzz wrote:I also read a few posts up from your 1) and 2) steps that the tables have to be named if_ and be in the same db as phpbb3. I assume this is a typo and has to be ibf_members and ibf_members_converge?
That was a typo and I have corrected it.
Check the phpbb_users table and see if the user_pass_convert column is set to 1. Also check and see if the user_password matches the converge_pass_hash in the ibf_members_converge table.
geewhzz wrote:What exactly can I try to get the converter to do ALL the posts and not stop in the middle and advance to doing pms and such?
open php.ini and increase the max_execution_time and max_allowed_memory. These are the settings I have:
max_execution_time = 3600
max_input_time = 600
;max_input_nesting_level = 64
memory_limit = 128M

Do not be concerned about the skip rows. The skip row value does approximate the number of posts you have, so it does give you an idea of the progress of the convertor.
Have you hugged someone today?
User avatar
DragonMaster1
Registered User
Posts: 994
Joined: Tue Aug 17, 2004 11:04 am
Name: Terry
Contact:

Re: IPB 2.3.x to phpBB 3

Post by DragonMaster1 »

I have this same problem and when I added the auth_ipb.php I get:

Parse error: syntax error, unexpected T_STRING in /home/ronnieja/public_html/RJD3/includes/auth/auth_ipb.php on line 21
User avatar
DragonMaster1
Registered User
Posts: 994
Joined: Tue Aug 17, 2004 11:04 am
Name: Terry
Contact:

Re: IPB 2.3.x to phpBB 3

Post by DragonMaster1 »

DragonMaster1 wrote:I have this same problem and when I added the auth_ipb.php I get:

Parse error: syntax error, unexpected T_STRING in /home/ronnieja/public_html/RJD3/includes/auth/auth_ipb.php on line 21

I am able to “convert” my old site but then the admin name won’t work and if I ask for a password that user is not found

I am able to get in with a new user and then I find that NOTHING shows up in the conversion

Any ideas what to do here please?

Thanx In Advance!!!
User avatar
DragonMaster1
Registered User
Posts: 994
Joined: Tue Aug 17, 2004 11:04 am
Name: Terry
Contact:

Re: IPB 2.3.x to phpBB 3

Post by DragonMaster1 »

Thank you for your reply but I have decided to just start the site over to save all the problems. I have a LOT of mods added and it might be better to just start off anew.

I have found that the templates I wanted to use in a black base such as DivineBlack are extremely SLOW to post. Also that template won’t show my video files right. So I think I will try to deal with the base subsilver to keep from annoying people for taking a LONG time to post a message

Would love to figure out how to change the subsilver colors to black though :D

Thanx again
User avatar
D¡cky
Former Team Member
Posts: 11812
Joined: Tue Jan 25, 2005 8:38 pm
Location: New Hampshire, USA
Name: Richard Foote
Contact:

auth_ipb.php

Post by D¡cky »

Attached is an auth_ipb.php

1) Unzip and upload to the phpBB3 includes/auth directory
2) phpBB3 needs to be set to use auth_method ipb in the config table
3) The ipb tables need to be available, have the prefix of ibf_ and be in the same database as the phpBB3 tables
4) Delete all the files in the phpBB3 cache folder except of .htaccess and index.htm
Attachments
auth_ipb.zip
auth_ipb.php
(2.09 KiB) Downloaded 252 times
Have you hugged someone today?
geewhzz
Registered User
Posts: 8
Joined: Sat May 24, 2008 6:17 am

Re: IPB 2.3.x to phpBB 3

Post by geewhzz »

Thanks for this Dicky.

Eager to try it out tonight.

One question though, do ALL the ibf_ tables need to be there or just the two member tables?

Thanks again, will let everyone know my results when I'm done.
User avatar
D¡cky
Former Team Member
Posts: 11812
Joined: Tue Jan 25, 2005 8:38 pm
Location: New Hampshire, USA
Name: Richard Foote
Contact:

Re: IPB 2.3.x to phpBB 3

Post by D¡cky »

geewhzz wrote:Thanks for this Dicky.

Eager to try it out tonight.

One question though, do ALL the ibf_ tables need to be there or just the two member tables?

Thanks again, will let everyone know my results when I'm done.
Just the members table and the members_converge table.
Have you hugged someone today?
geewhzz
Registered User
Posts: 8
Joined: Sat May 24, 2008 6:17 am

Re: IPB 2.3.x to phpBB 3

Post by geewhzz »

Okay, I started from scratch again and tried out my conversion using the php.ini settings you offered up, Dicky. It didn't work out to well, the posts still cut off around 130,000 out of the 330,000 my database has. Not sure why it keeps doing this, something must be tripping it when it gets to that point when converting.

Also, when it finished converting I still couldn't login with this new auth_ipb file. I even checked the db to make sure ipb was the auth value in phpbb_config.

If I went ipb->phpbb2->phpbb3 would the auth file work?

I'm a bit lost at what to attempt now as everything I try has flaws in it.
User avatar
D¡cky
Former Team Member
Posts: 11812
Joined: Tue Jan 25, 2005 8:38 pm
Location: New Hampshire, USA
Name: Richard Foote
Contact:

Re: IPB 2.3.x to phpBB 3

Post by D¡cky »

If all the posts are not converting, I suggest that you do the conversion offline. I recommend WampServer. Some helpful tips for doing offline conversions are in this Knowledge Base article, Offline Conversions

Once the posts are all converted, then we can work on the logins, although I have the feeling that once everything is converted, the logins should work.
Have you hugged someone today?
geewhzz
Registered User
Posts: 8
Joined: Sat May 24, 2008 6:17 am

Re: IPB 2.3.x to phpBB 3

Post by geewhzz »

As I already mentioned I've been doing it offline. I will try a different server than EasyPHP.
geewhzz
Registered User
Posts: 8
Joined: Sat May 24, 2008 6:17 am

Re: IPB 2.3.x to phpBB 3

Post by geewhzz »

I still can't get all my posts to convert. This seems like a lost cause for me as I have no idea what's going wrong.

Dicky, is it possible to go ipb->phpbb2->phpbb3 and get passwords to work via the ipb auth method? I have converted to phpbb2 fine and all my posts converted, and when I upgraded to phpbb3 everything seemed to convert, except passwords of course.

Any help is appreciated.
User avatar
D¡cky
Former Team Member
Posts: 11812
Joined: Tue Jan 25, 2005 8:38 pm
Location: New Hampshire, USA
Name: Richard Foote
Contact:

Re: IPB 2.3.x to phpBB 3

Post by D¡cky »

It does not matter if you convert IPB > phpBB2 > phpBB3 or IPB > phpBB3. The auth_ipb.php still works the same since it initially depends on the original IPB tables for checking passwords.

Give this a try, auth_ipb_geewhzz. You will need to rename the file before using it.
Have you hugged someone today?
omarenm
Registered User
Posts: 15
Joined: Fri Feb 08, 2008 7:21 pm

Re: IPB 2.3.x to phpBB 3

Post by omarenm »

D¡cky wrote:The "Message parser error: Your message contains too few characters." is not usually a concern. The IPB post may be empty or it may have some non-latin characters in it. You can check the IPB posts text to see what the problem may be...
I have the same problem and i still cant fix it. The whole convertion ends, but it doesnt import the post becasuse the forums says "This board has no forum". The phpbb_post has the same numbers of arrows of my ibf table but, all post_text arrows have something like this [BLOB - 2.2 KB] i think thats the problem. Can you help me?

Sorry about my english.
Vampire1812
Registered User
Posts: 31
Joined: Fri Sep 12, 2008 1:04 pm

Re: IPB 2.3.x to phpBB 3

Post by Vampire1812 »

First of all Sorry to necropost here. :)

I have ran into the password problem and am wondering how to fix this issue.

Here is what I have done.

IPB 2.3.3 --> PHPBB2 using Dickies excellant script nothing breaks everything is there and working perfectly! I can log into phpbb2 no problem with all users after applying the mod to login.php.

When I go PHPBB2 --> PHPBB3 I am unable to login for first time users. However if I use a user that I was able to login to PHPBB2 I am able to login PHPBB3 just fine.

My question is do I still need to use the ipb_auth.php script if converting from IPB2.3.3-->PHPBB2-->PHPBB3 ?

Also let me know if that does not make any sense.

Is there a way to modify auth_db.php with the modified login script from the PHPBB2 Install.

FROM PHPBB3

Code: Select all

<?php
/**
* Database auth plug-in for phpBB3
*
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*
* This is for authentication via the integrated user table
*
* @package login
* @version $Id: auth_db.php 8479 2008-03-29 00:22:48Z naderman $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
	exit;
}

/**
* Login function
*/
function login_db(&$username, &$password)
{
	global $db, $config;

	// do not allow empty password
	if (!$password)
	{
		return array(
			'status'	=> LOGIN_ERROR_PASSWORD,
			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
			'user_row'	=> array('user_id' => ANONYMOUS),
		);
	}

	if (!$username)
	{
		return array(
			'status'	=> LOGIN_ERROR_USERNAME,
			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
			'user_row'	=> array('user_id' => ANONYMOUS),
		);
	}

	$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
		FROM ' . USERS_TABLE . "
		WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if (!$row)
	{
		return array(
			'status'	=> LOGIN_ERROR_USERNAME,
			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
			'user_row'	=> array('user_id' => ANONYMOUS),
		);
	}

	// If there are too much login attempts, we need to check for an confirm image
	// Every auth module is able to define what to do by itself...
	if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'])
	{
		$confirm_id = request_var('confirm_id', '');
		$confirm_code = request_var('confirm_code', '');

		// Visual Confirmation handling
		if (!$confirm_id)
		{
			return array(
				'status'		=> LOGIN_ERROR_ATTEMPTS,
				'error_msg'		=> 'LOGIN_ERROR_ATTEMPTS',
				'user_row'		=> $row,
			);
		}
		else
		{
			global $user;

			$sql = 'SELECT code
				FROM ' . CONFIRM_TABLE . "
				WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
					AND session_id = '" . $db->sql_escape($user->session_id) . "'
					AND confirm_type = " . CONFIRM_LOGIN;
			$result = $db->sql_query($sql);
			$confirm_row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);

			if ($confirm_row)
			{
				if (strcasecmp($confirm_row['code'], $confirm_code) === 0)
				{
					$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
						WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
							AND session_id = '" . $db->sql_escape($user->session_id) . "'
							AND confirm_type = " . CONFIRM_LOGIN;
					$db->sql_query($sql);
				}
				else
				{
					return array(
						'status'		=> LOGIN_ERROR_ATTEMPTS,
						'error_msg'		=> 'CONFIRM_CODE_WRONG',
						'user_row'		=> $row,
					);
				}
			}
			else
			{
				return array(
					'status'		=> LOGIN_ERROR_ATTEMPTS,
					'error_msg'		=> 'CONFIRM_CODE_WRONG',
					'user_row'		=> $row,
				);
			}
		}
	}

	// If the password convert flag is set we need to convert it
	if ($row['user_pass_convert'])
	{
		// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
		$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
		$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
		$password_new_format = '';

		set_var($password_new_format, stripslashes($password_old_format), 'string');

		if ($password == $password_new_format)
		{
			if (!function_exists('utf8_to_cp1252'))
			{
				global $phpbb_root_path, $phpEx;
				include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
			}

			// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
			if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])
			{
				$hash = phpbb_hash($password_new_format);

				// Update the password in the users table to the new format and remove user_pass_convert flag
				$sql = 'UPDATE ' . USERS_TABLE . '
					SET user_password = \'' . $db->sql_escape($hash) . '\',
						user_pass_convert = 0
					WHERE user_id = ' . $row['user_id'];
				$db->sql_query($sql);

				$row['user_pass_convert'] = 0;
				$row['user_password'] = $hash;
			}
			else
			{
				// Although we weren't able to convert this password we have to
				// increase login attempt count to make sure this cannot be exploited
				$sql = 'UPDATE ' . USERS_TABLE . '
					SET user_login_attempts = user_login_attempts + 1
					WHERE user_id = ' . $row['user_id'];
				$db->sql_query($sql);

				return array(
					'status'		=> LOGIN_ERROR_PASSWORD_CONVERT,
					'error_msg'		=> 'LOGIN_ERROR_PASSWORD_CONVERT',
					'user_row'		=> $row,
				);
			}
		}
	}

	// Check password ...
	if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
	{
		// Check for old password hash...
		if (strlen($row['user_password']) == 32)
		{
			$hash = phpbb_hash($password);

			// Update the password in the users table to the new format
			$sql = 'UPDATE ' . USERS_TABLE . "
				SET user_password = '" . $db->sql_escape($hash) . "',
					user_pass_convert = 0
				WHERE user_id = {$row['user_id']}";
			$db->sql_query($sql);

			$row['user_password'] = $hash;
		}

		if ($row['user_login_attempts'] != 0)
		{
			// Successful, reset login attempts (the user passed all stages)
			$sql = 'UPDATE ' . USERS_TABLE . '
				SET user_login_attempts = 0
				WHERE user_id = ' . $row['user_id'];
			$db->sql_query($sql);
		}

		// User inactive...
		if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
		{
			return array(
				'status'		=> LOGIN_ERROR_ACTIVE,
				'error_msg'		=> 'ACTIVE_ERROR',
				'user_row'		=> $row,
			);
		}

		// Successful login... set user_login_attempts to zero...
		return array(
			'status'		=> LOGIN_SUCCESS,
			'error_msg'		=> false,
			'user_row'		=> $row,
		);
	}

	// Password incorrect - increase login attempts
	$sql = 'UPDATE ' . USERS_TABLE . '
		SET user_login_attempts = user_login_attempts + 1
		WHERE user_id = ' . $row['user_id'];
	$db->sql_query($sql);

	// Give status about wrong password...
	return array(
		'status'		=> LOGIN_ERROR_PASSWORD,
		'error_msg'		=> 'LOGIN_ERROR_PASSWORD',
		'user_row'		=> $row,
	);
}

?>
MODIFIED WORKING LOGIN SCRIPT FROM PHPBB2 login.php

Code: Select all

<?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : [email protected]
 *
 *   $Id: login.php 6772 2006-12-16 13:11:28Z acydburn $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define("IN_LOGIN", true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
	$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
	$sid = '';
}

if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
	if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
	{
		$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
		$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

		$sql = "SELECT user_id, username, user_password, user_active, user_level, salt, user_login_tries, user_last_login_try
			FROM " . USERS_TABLE . "
			WHERE username = '" . str_replace("\\'", "''", $username) . "'";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		if( $row = $db->sql_fetchrow($result) )
		{
			if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
			{
				redirect(append_sid("index.$phpEx", true));
			}
			else
			{
// check if this is a converted user
			// handles punbb, vBulletin3 and Invision Power Board user passwords
				if( md5($password) !== $row['user_password'] && $row['user_active'] )
				{
					$md5passwrd = md5($password);
//					$md5password_salt = md5(md5($password) . $row['salt']);

					if ( $row['user_password'] ==  md5(md5($password) . $row['salt'] ) ||  ( $row['user_password'] == md5(md5($row['salt']) . md5($password)) ) || ( $row['user_password'] == substr( sha1( $HTTP_POST_VARS['password'] ), 0, 32) ) )
					{
						// this is a vb3 user. Welcome them and make them a phpBB user now!
						//take the subbed pass and put a md5 encryption on it and insert it into the database 
						$sql = "UPDATE phpbb_users SET user_password = '" . md5( $HTTP_POST_VARS['password'] ) . "' WHERE user_id = '" . $row['user_id'] . "'";
						if( !$db->sql_query($sql) ) 
						{ 
							message_die(GENERAL_ERROR, 'Password Error:<br />Please contact the board administrator immediately.', '', __LINE__, __FILE__, $sql); 
						}
						// reset $row[user_password]
						$sql = "SELECT user_id, username, user_password, user_active, user_level FROM " . USERS_TABLE . "
						WHERE username = '" . str_replace("\\'", "''", $username) . "'";

						if ( !($result = $db->sql_query($sql)) )
						{
							message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
						}
						$row = $db->sql_fetchrow($result); 
					}
				}
				// If the last login is more than x minutes ago, then reset the login tries/time
				if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
				{
					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
					$row['user_last_login_try'] = $row['user_login_tries'] = 0;
				}
				
				// Check to see if user is allowed to login again... if his tries are exceeded
				if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && 
					$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
				{
					message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
				}

				if( md5($password) == $row['user_password'] && $row['user_active'] )
				{
					$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

					$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
					$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);

					// Reset login tries
					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);

					if( $session_id )
					{
						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
						redirect(append_sid($url, true));
					}
					else
					{
						message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
					}
				}
				// Only store a failed login attempt for an active user - inactive users can't login even with a correct password
				elseif( $row['user_active'] )
				{
					// Save login tries and last login
					if ($row['user_id'] != ANONYMOUS)
					{
						$sql = 'UPDATE ' . USERS_TABLE . '
							SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
							WHERE user_id = ' . $row['user_id'];
						$db->sql_query($sql);
					}
				}

				$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
				$redirect = str_replace('?', '&', $redirect);

				if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
				{
					message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
				}

				$template->assign_vars(array(
					'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
				);

				$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

				message_die(GENERAL_MESSAGE, $message);
			}
		}
		else
		{
			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
			$redirect = str_replace("?", "&", $redirect);

			if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
			{
				message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
			}

			$template->assign_vars(array(
				'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
			);

			$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
	{
		// session id check
		if ($sid == '' || $sid != $userdata['session_id'])
		{
			message_die(GENERAL_ERROR, 'Invalid_session');
		}

		if( $userdata['session_logged_in'] )
		{
			session_end($userdata['session_id'], $userdata['user_id']);
		}

		if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
		{
			$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
			$url = str_replace('&', '&', $url);
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid("index.$phpEx", true));
		}
	}
	else
	{
		$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
		redirect(append_sid($url, true));
	}
}
else
{
	//
	// Do a full login page dohickey if
	// user not already logged in
	//
	if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN))
	{
		$page_title = $lang['Login'];
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template->set_filenames(array(
			'body' => 'login_body.tpl')
		);

		$forward_page = '';

		if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
		{
			$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

			if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
			{
				$forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
				$forward_match = explode('&', $forward_to);

				if(count($forward_match) > 1)
				{
					for($i = 1; $i < count($forward_match); $i++)
					{
						if( !ereg("sid=", $forward_match[$i]) )
						{
							if( $forward_page != '' )
							{
								$forward_page .= '&';
							}
							$forward_page .= $forward_match[$i];
						}
					}
					$forward_page = $forward_match[0] . '?' . $forward_page;
				}
				else
				{
					$forward_page = $forward_match[0];
				}
			}
		}

		$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

		$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';
		$s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : '';

		make_jumpbox('viewforum.'.$phpEx);
		$template->assign_vars(array(
			'USERNAME' => $username,

			'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'],
			'L_SEND_PASSWORD' => $lang['Forgotten_password'],

			'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

			'S_HIDDEN_FIELDS' => $s_hidden_fields)
		);

		$template->pparse('body');

		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	}
	else
	{
		redirect(append_sid("index.$phpEx", true));
	}

}

?>
Pay particular attention to these parts in the modified working script.

Code: Select all

#-----[ IN-LINE FIND ]------------------------------------------
#

user_level

#
#-----[ AFTER, ADD ]------------------------------------------
#

, salt

#
#-----[ FIND ]------------------------------------------
#

			if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
			{
				redirect(append_sid("index.$phpEx", true));
			}
			else
			{

#
#-----[ AFTER, ADD ]------------------------------------------
#

			// check if this is a converted user
			// handles punbb, vBulletin3 and Invision Power Board user passwords
				if( md5($password) !== $row['user_password'] && $row['user_active'] )
				{
					$md5passwrd = md5($password);
//					$md5password_salt = md5(md5($password) . $row['salt']);

					if ( $row['user_password'] ==  md5(md5($password) . $row['salt'] ) ||  ( $row['user_password'] == md5(md5($row['salt']) . md5($password)) ) || ( $row['user_password'] == substr( sha1( $HTTP_POST_VARS['password'] ), 0, 32) ) )
					{
						// this is a vb3 user. Welcome them and make them a phpBB user now!
						//take the subbed pass and put a md5 encryption on it and insert it into the database 
						$sql = "UPDATE phpbb_users SET user_password = '" . md5( $HTTP_POST_VARS['password'] ) . "' WHERE user_id = '" . $row['user_id'] . "'";
						if( !$db->sql_query($sql) ) 
						{ 
							message_die(GENERAL_ERROR, 'Password Error:<br />Please contact the board administrator immediately.', '', __LINE__, __FILE__, $sql); 
						}
						// reset $row[user_password]
						$sql = "SELECT user_id, username, user_password, user_active, user_level FROM " . USERS_TABLE . "
						WHERE username = '" . str_replace("\\'", "''", $username) . "'";

						if ( !($result = $db->sql_query($sql)) )
						{
							message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
						}
						$row = $db->sql_fetchrow($result); 
					}
				}

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
Locked

Return to “[3.0.x] Convertors”