How to Encrypt password with the new system?

Discussion forum for MOD Writers regarding MOD Development.
eight9offsuit
Registered User
Posts: 5
Joined: Fri Dec 14, 2007 2:40 am

Re: How to Encrypt password with the new system?

Post by eight9offsuit »

Acyd Burn wrote:phpbb_check_hash($password, $hash) is the key function (my script is to show the basic working, it is not meant as a copy & paste script you can use - i expect those programming able to think a bit for themselves. ;)).
Thank you very much Acyd for the script, it set me on the right path. A little bit of alteration and it worked like a charm. Thanks for making it so simple.
RoXur777
Registered User
Posts: 1
Joined: Fri Dec 14, 2007 5:38 pm

Re: How to Encrypt password with the new system?

Post by RoXur777 »

Open:

Code: Select all

includes/functions.php
Change:

Code: Select all

function phpbb_hash($password)
{
   $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

   $random_state = unique_id();
   $random = '';
   $count = 6;

   if (($fh = @fopen('/dev/urandom', 'rb')))
   {
      $random = fread($fh, $count);
      fclose($fh);
   }

   if (strlen($random) < $count)
   {
      $random = '';

      for ($i = 0; $i < $count; $i += 16)
      {
         $random_state = md5(unique_id() . $random_state);
         $random .= pack('H*', md5($random_state));
      }
      $random = substr($random, 0, $count);
   }

   $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);

   if (strlen($hash) == 34)
   {
      return $hash;
   }

   return md5($password);
}
To:

Code: Select all

function phpbb_hash($password)
{
   return md5($password);
}
This will use the old phpBB2 hashing system.
ameeck
Former Team Member
Posts: 6559
Joined: Mon Mar 21, 2005 6:57 pm

Re: How to Encrypt password with the new system?

Post by ameeck »

Yes just be careful about having half of the passwords in md5 and the other half in the phpbb_hash ;)
Swirlsky
Registered User
Posts: 23
Joined: Sat Oct 14, 2006 1:42 pm
Location: Szombathely, Hungary

Re: How to Encrypt password with the new system?

Post by Swirlsky »

So can this code:

Code: Select all

$password = $_POST["Password"];

define('IN_PHPBB', true);
$phpbb_root_path = 'forums/';

$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.php');
include($phpbb_root_path . 'includes/functions_user.php');
include($phpbb_root_path . 'includes/ucp/ucp_register.php');

if (phpbb_check_hash($password, $hash)) { echo "match"; }
be used instead of PasswordHash.php to compare the password that the user posted with the password in the database?
Acyd Burn
Consultant
Consultant
Posts: 5830
Joined: Wed Dec 05, 2001 8:31 pm
Location: Behind You
Name: Meik Sievertsen

Re: How to Encrypt password with the new system?

Post by Acyd Burn »

Yes, but a bit differently (never set variables before the header initiation and use request_var())

Code: Select all

define('IN_PHPBB', true);
$phpbb_root_path = 'forums/';

$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.php');
include($phpbb_root_path . 'includes/functions_user.php');
include($phpbb_root_path . 'includes/ucp/ucp_register.php');

$password = request_var('Password', '');

if (phpbb_check_hash($password, $hash)) { echo "match"; }
Swirlsky
Registered User
Posts: 23
Joined: Sat Oct 14, 2006 1:42 pm
Location: Szombathely, Hungary

Re: How to Encrypt password with the new system?

Post by Swirlsky »

Thank you for your reply, but unfortunately it doesn't work for me.
I try to use it in a function like this:

Code: Select all

function CheckPass($Pass) {

	define('IN_PHPBB', true);
	$phpbb_root_path = 'forums/';

	$phpEx = substr(strrchr(__FILE__, '.'), 1);
	include($phpbb_root_path . 'common.php');
	include($phpbb_root_path . 'includes/functions_user.php');
	include($phpbb_root_path . 'includes/ucp/ucp_register.php');

	if(phpbb_check_hash(request_var($Pass, ""), $hash)) { echo "match"; }
}

CheckPass($_POST["Password"]);
and I receive the following error message:
The config.php file could not be found.
Click here to install phpBB
What am I doing wrong? Is it possible to use it inside a function?
Acyd Burn
Consultant
Consultant
Posts: 5830
Joined: Wed Dec 05, 2001 8:31 pm
Location: Behind You
Name: Meik Sievertsen

[SPLIT] Cannot Login

Post by Acyd Burn »

Of course it is possible, but the header instructions should not be put in a function. ;) They are meant to be put within the files, at the header.

I suggest to read the coding guidelines and the MOD documents on how to do phpBB pages. You only need this bit:

Code: Select all

if (phpbb_check_hash($password, $hash)) { echo "match"; }
The rest is just the code for constructing a full page.
Swirlsky
Registered User
Posts: 23
Joined: Sat Oct 14, 2006 1:42 pm
Location: Szombathely, Hungary

Re: How to Encrypt password with the new system?

Post by Swirlsky »

Thank you for your help, I will read the documentation.
dabuzz
Registered User
Posts: 1
Joined: Mon Dec 31, 2007 5:49 pm

Re: How to Encrypt password with the new system?

Post by dabuzz »

Has anybody converted or able to convert this hashing function to vb.net or c#?
I have a system that i want to use along with phbb database for authentication.
Puntadelanza
Registered User
Posts: 156
Joined: Thu Jul 03, 2003 10:48 am
Location: Spain
Contact:

Re: How to Encrypt password with the new system?

Post by Puntadelanza »

I only want to say, thanks to mecu.
His information was very helpfully to me. Thanks!
Estrategia, táctica y sobre todo Combat Mission.
Punta de Lanza
phpbb user since 2003
Grashopper
Registered User
Posts: 12
Joined: Fri Apr 22, 2005 7:53 am
Location: Schalbruch, Germany

Re: How to Encrypt password with the new system?

Post by Grashopper »

Can anyone help me? I have been trying to get a web app that worked with RC1 and prior just fine, but has since "broken" b/c of the new hash.

here's what's I've been trying thus far: http://www.phpbb.com/community/viewtopi ... &sk=t&sd=a

When I try to use the line:

Code: Select all

include("../phpBB3/includes/functions.php");
It gives me a blank screen. Do I need to load something else? Please help!
nogoer
Registered User
Posts: 10
Joined: Thu Oct 12, 2006 7:50 pm

Re: How to Encrypt password with the new system?

Post by nogoer »

I also get a blank page when trying to include the functions so i can compare passwords with the new hash.

This new hash method basically hosed everyone who was integrating phpbb with another site. Unless your doing your hash compares from within phpbb this just doesnt look like its going to work. Before it was fine, md5 was a native function to php now the new "secure" built in functions are only within phpbb and if you need to integrate an app that uses phpbb you're stuck.

This one little change basically made phpbb no longer an app that can be integrated into an existing site or as a sub part to a larger website. For me phpbb was a great add on so i could provide a community area for my users. Now i need to stick with an outdated RC version in order to keep the functionality i need.
User avatar
cardude
Registered User
Posts: 67
Joined: Sat May 07, 2005 2:06 am

Re: How to Encrypt password with the new system?

Post by cardude »

Acyd Burn wrote:Yes, this is correct. The hash is always different.

Try the following:

Code: Select all

<?php

$password = "test";

define('IN_PHPBB', true);
$phpbb_root_path = 'forums/';

$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.php');
include($phpbb_root_path . 'includes/functions_user.php');
include($phpbb_root_path . 'includes/ucp/ucp_register.php');

$hash = '$H$9eKXZWW653tFUTIDrJs00Y2rcnpk1R.';

if (phpbb_check_hash($password, $hash))
{
	echo "(match) ";
}

$result = phpbb_hash($password);

if (phpbb_check_hash($password, $result))
{
	echo "(match) ";
}

if (!phpbb_check_hash('test2', $result))
{
	echo "(no match) ";
}

?>
The $hash variable is a random hash for 'test'... you should get (match) (match) (no match)
I can get this to run, but how do I check if the username and password that the user entered? Right now there isn't anywhere to put the username in the script.
ameeck
Former Team Member
Posts: 6559
Joined: Mon Mar 21, 2005 6:57 pm

Re: How to Encrypt password with the new system?

Post by ameeck »

Use the login method of the user class for that. It will also automatically initialize sessions and set cookies if the login is succesful.
User avatar
Megasmrt
Registered User
Posts: 8
Joined: Thu Mar 06, 2008 8:24 pm

Re: How to Encrypt password with the new system?

Post by Megasmrt »

Overkill! :D Great work, i'm done. Tnx to everyone! ;) u rock!
Is there a place in time where war and peace collide?
Locked

Return to “[3.0.x] MOD Writers Discussion”