I've created this script to help convert from MD5 to Bcrypt and insert information to the users table. I know its missing the users_group table for phpbb currently, but is there anything I can do to make this more simple and what are the MOST important values in the phpBB database for the users to work on the forums when registered? Besides username, email password and IP address.
This could be extremely useful for integrating sites to phpBB
ALSO i am aware there is no protection from XSS in the form. I dont have the users password layout, so I'm unaware if its strict to alphanumeric or if it can use symbols and such.
Code: Select all
<?php
// NOTE: This script only enters the BASIC NECCESSARY INFORMATION into your phpBB database. If you want more information, you need to gather your database info and write it out accordingly.
// MAIN DB Connection Info
define('DB_HOST', 'DATABASE HOST');
define('DB_NAME', 'DATABASE NAME');
define('DB_USERNAME', 'DATABASE USERNAME');
define('DB_PASSWORD', 'DATABASE PASSWORD');
define('ERROR_MESSAGE', 'Oops, we ran into a problem here');
try {
$odb = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_NAME, DB_USERNAME, DB_PASSWORD);
}
catch( PDOException $Exception ) {
error_log('ERROR: '.$Exception->getMessage().' - '.$_SERVER['REQUEST_URI'].' at '.date('l jS \of F, Y, h:i:s A')."\n", 3, 'error.log');
die(ERROR_MESSAGE);
}
function error($string)
{
return '<div class="alert alert-danger alert-dismissable"></button><strong>ERROR:</strong> '.$string.'</div>';
}
function success($string)
{
return '<div class="alert alert-success alert-dismissable"></button><strong>SUCCESS:</strong> '.$string.'</div>';
}
// End MAIN DB Connection Info
/*/ phpBB DB Connection Info ---- IF you have two separate hosts/databases, change this from the above, if not, keep it commented out! ----
define('DB_HOST2', 'DATABASE HOST 2');
define('DB_NAME2', 'DATABASE NAME 2');
define('DB_USERNAME2', 'DATABASE USERNAME 2');
define('DB_PASSWORD2', 'DATABASE PASSWORD 2');
define('ERROR_MESSAGE2', 'Oops, we ran into a problem here');
try {
$odb2 = new PDO('mysql:host=' . DB_HOST2 . ';dbname=' . DB_NAME2, DB_USERNAME2, DB_PASSWORD2);
}
catch( PDOException $Exception ) {
error_log('ERROR: '.$Exception->getMessage().' - '.$_SERVER['REQUEST_URI'].' at '.date('l jS \of F, Y, h:i:s A')."\n", 3, 'error.log');
die(ERROR_MESSAGE2);
}
function error($string)
{
return '<div class="alert alert-danger alert-dismissable"></button><strong>ERROR:</strong> '.$string.'</div>';
}
function success($string)
{
return '<div class="alert alert-success alert-dismissable"></button><strong>SUCCESS:</strong> '.$string.'</div>';
}
// End phpBB DB Connection Info*/
?>
<html>
<head>
<title>MD5 2 phpBB Bcrypt</title>
<style>
body{
background-color: #151515;
}
.content{
margin-top: -10px;
background-color: #303030;
color: white;
width: 50%;
padding: 35px 35px 35px 35px;
box-shadow: 0px 5px 10px #000;
}
.subcontent{
background-color: #202020;
color: white;
width: 65%;
padding: 35px 35px 35px 35px;
border-radius: 5px;
box-shadow: inset 0px 0px 15px #000;
}
.separator{
width: 50%;
background-color: #151515;
}
.title{
font-size: 22px;
font-weight: bold;
}
.sub{
inline-size: 49%;
overflow-wrap: break-word;
margin-top: -15px;
margin-bottom: 15px;
}
.input{
width: 50%;
padding: 12px 20px;
margin: 8px 0;
display: block;
border: 1px solid #ccc;
border-radius: 4px;
box-sizing: border-box;
}
input[type=submit] {
width: 25%;
background-color: #4CAF50;
color: white;
padding: 14px 20px;
margin: 8px 0;
border: none;
border-radius: 4px;
cursor: pointer;
}
input[type=submit]:hover {
background-color: #45a049;
}
</style>
</head>
<body>
<center>
<div class="content">
<p class="title">MD5 Password database to PHPBB Bcrypt 10 Cost by DeadlineEm @ <a href="https://kaos-inc.ga/">KAOS Inc</a><br /></p>
</div>
<p class="separator"></p>
<div class="content" style="height: 25px;">
<p class="sub" style="float: left;">This script is for use if you have a database that uses MD5 password encryption and you want to incorporate your sites users to a phpBB forum.</p>
<p class="sub" style="float: left;">You would enter your main site database connection/table information and your phpBB database information inside this file.</p>
</div>
<p class="separator"></p>
<div class="content">
<!--POST Form-->
<form method="POST" action="" autocomplete="off" style="margin-top: 50px;">
<label for="password" style="margin-bottom: 15px;">Enter a username and password then click generate to create your phpBB forum account easily!</label>
<input class="input" type="text" name="username" id="username" placeholder="Username (test-user)" autocomplete="off" />
<input class="input" type="password" name="password" id="password" placeholder="Password (testPass1)" autocomplete="off" />
<input type="submit" name="submit" id="submit" value="Generate" />
</form>
<span>Try it out! Type in test-user : testPass1</span>
<br />
<span>Want to see it without the test information? Type in real-user : realPass1</span>
<!--End Form-->
<?php
if(isset($_POST['submit']))
{
$testUser = "test-user";
//Delete the test user from the database, every time the form is submitted by somebody
$SQL = $odb -> prepare("DELETE FROM phpbbn4_users_test WHERE `username` = :user");
$SQL -> execute(array(":user" => $testUser));
$enteredUser = $_POST['username']; // Optionally can be changed to $_SESSION['username']; for a user who is logged in on your site, removing the need for the manual username entry, just password verification.
$enteredPasswd = $_POST['password'];
$validPass = MD5($enteredPasswd); // Validates the entered password matches the users MD5 password on the Main database
if(empty($enteredUser) || empty($enteredPasswd))
{
die('<p class="subcontent" style="color: red;">ERROR: You need to enter a VALID username and password <br />(Example: test-user*testPass1 OR real-user*realPass1 )</p>');
}
else
{
echo '<p class="subcontent">';
echo "Processing conversion...<br />";
echo "Conversion Results:<br /><br />";
// Retrieve the necessary information to create a user, this will gather all the users information ONLY after they enter their password AND it validates it.
$SQL = $odb -> prepare("SELECT * FROM `Dummy` WHERE `username` = :user && `password` = :pass");
$SQL -> execute(array(":user" => $enteredUser, ":pass" => $validPass));
foreach($SQL as $row)
{
//This section reads the unformation you entered and checks your main database for the user/password combo. If it matches, it converts the username, password email and IP
$user = $row['username'];
$userClean = strtolower($user); // lowercase username for username_clean in phpbb
$email = $row['email'];
// Each $value in your database you want to enter to phpbb you can prepend here like the three shown above. Password is set by the form.
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"]; // Gets the users real current IP for phpBB user_ip
}
$ipAddr = $_SERVER['REMOTE_ADDR'];
$options = ['cost' => 10]; // Bcrypt cost and Password encryption with Bcrypt
$pass = password_hash($enteredPasswd, PASSWORD_BCRYPT, $options)."\n";
// Change to $odb2 if using second connection
$SQL2 = $odb -> prepare("SELECT * FROM `phpbbn4_users_test` WHERE `username` = :user");
$SQL2 -> execute(array(":user" => $user));
foreach($SQL2 as $row)
{
$userCheck = $row['username'];
}
if(empty($userCheck))
{
// Now that the main information is retrieved from your database and verified, connect to the phpBB database and insert it!
// Change to $odb2 if using second connection
$SQLinsert = $odb -> prepare("INSERT INTO `phpbbn4_users_test` (username, username_clean, user_password, user_email, user_ip) VALUES (:userName, :clean, :passWord, :Email, :ip)"); // Edit these values and the ones below with more entries gathered from your own user system above that you added in : $value = $row['value'];.
$SQLinsert -> execute(array(":userName" => $user, ":clean" => $userClean, ":passWord" => $pass, ":Email" => $email, ":ip" => $ipAddr));
echo "Information successfully converted and inserted into your phpBB table!";
echo "<br /><br />";
if(isset($email))
{
/*These are for testing purposes only, used to display the values written/retrieved from the database to make sure things work. */
echo "Username: ".$user."<br />";
echo "Username-Clean: ".$userClean."<br />";
echo "Email: ".$email."<br />";
echo "IP: ".$ipAddr."<br />";
echo "Original Password: ".$enteredPasswd."<br />";
echo "MD5: ".$validPass."<br />";
echo "Bcrypt: ".$pass."</p><br /><br />";
}
if($user == "test-user")
{
echo "<p class='subcontent'>The data above shows the information converted and inserted into the phpbbn4_users table, this is customizable in the php file to add/remove fields that you may need to convert your table to phpbb.</p>";
echo "<p class='subcontent'>NOTE: This script DOES NOT add information to the phpbbn4_user_group table, but can be modified to also do that as well.</p>";
}
if($user == "real-user")
{
$testUser = "real-user";
//Delete the test user from the database, every time the form is submitted by somebody
$SQL = $odb -> prepare("DELETE FROM phpbbn4_users_test WHERE `username` = :user");
$SQL -> execute(array(":user" => $testUser));
echo "Real User has been removed from the phpbb database after the query, reinsert the users credentials to see the fresh output again.";
}
}
else
{
die("A user with the username: ".$userCheck." was found in the phpBB database already!");
}
}
if(empty($user))
{
die("Uh Oh! Looks like I couldn't find the username: ".$enteredUser." in the MAIN Database.");
}
}
}
?>
<!--
This information is here so you can write your own values where they need to go in the database tables. This script does not write to the user_group table
PHPBB Users Table Structure:
phpbb_users
(user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_from, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_website, user_occ, user_interests, user_actkey, user_newpasswd)
VALUES
(3, 5, 'Admin', 'admin', 0, '21232f297a57a5a743894a0e4a801fc3', '[email protected]', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
PHPBB Users Group Table Structure:
phpbb.phpbb_user_group ( group_id , user_id , group_leader , user_pending)
VALUES
(GROUP_ID, USER_ID, '0', '0');
-->
</div>
</center>
</body>
</html>
The working test page for this script is Located Here
DO NOT WORRY, the code was copy/pasted directly, this does not save your information, if you are really worried though, feel free to test using a VPN. Enjoy and feel free to contact me for help with custom coding!