USEFUL MD5 to Bcrypt script [Updated]

Need some custom code changes to the phpBB core simple enough that you feel doesn't require an extension? Then post your request here so that community members can provide some assistance.

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Post Reply
User avatar
DeadlineEm
Registered User
Posts: 10
Joined: Thu Dec 01, 2022 10:35 pm
Contact:

USEFUL MD5 to Bcrypt script [Updated]

Post by DeadlineEm »

So, another user on the forums has a main site and then a phpbb forum separated. He wants to convert his current database to phpBB and then merge his login/registration together so when a user logs in, they log into both locations (Site and Forum)

I've created this script to help convert from MD5 to Bcrypt and insert information to the users table. I know its missing the users_group table for phpbb currently, but is there anything I can do to make this more simple and what are the MOST important values in the phpBB database for the users to work on the forums when registered? Besides username, email password and IP address.

This could be extremely useful for integrating sites to phpBB

ALSO i am aware there is no protection from XSS in the form. I dont have the users password layout, so I'm unaware if its strict to alphanumeric or if it can use symbols and such.

Code: Select all

<?php
// NOTE: This script only enters the BASIC NECCESSARY INFORMATION into your phpBB database.  If you want more information, you need to gather your database info and write it out accordingly.

// MAIN DB Connection Info
define('DB_HOST', 'DATABASE HOST');
define('DB_NAME', 'DATABASE NAME');
define('DB_USERNAME', 'DATABASE USERNAME');
define('DB_PASSWORD', 'DATABASE PASSWORD');
define('ERROR_MESSAGE', 'Oops, we ran into a problem here');

try {
$odb = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_NAME, DB_USERNAME, DB_PASSWORD);
}
catch( PDOException $Exception ) {
	error_log('ERROR: '.$Exception->getMessage().' - '.$_SERVER['REQUEST_URI'].' at '.date('l jS \of F, Y, h:i:s A')."\n", 3, 'error.log');
	die(ERROR_MESSAGE);
}

function error($string)
{
return '<div class="alert alert-danger alert-dismissable"></button><strong>ERROR:</strong> '.$string.'</div>';
}

function success($string)
{
return '<div class="alert alert-success alert-dismissable"></button><strong>SUCCESS:</strong> '.$string.'</div>';
}
// End MAIN DB Connection Info


/*/ phpBB DB Connection Info ---- IF you have two separate hosts/databases, change this from the above, if not, keep it commented out! ----
define('DB_HOST2', 'DATABASE HOST 2');
define('DB_NAME2', 'DATABASE NAME 2');
define('DB_USERNAME2', 'DATABASE USERNAME 2');
define('DB_PASSWORD2', 'DATABASE PASSWORD 2');
define('ERROR_MESSAGE2', 'Oops, we ran into a problem here');

try {
$odb2 = new PDO('mysql:host=' . DB_HOST2 . ';dbname=' . DB_NAME2, DB_USERNAME2, DB_PASSWORD2);
}
catch( PDOException $Exception ) {
	error_log('ERROR: '.$Exception->getMessage().' - '.$_SERVER['REQUEST_URI'].' at '.date('l jS \of F, Y, h:i:s A')."\n", 3, 'error.log');
	die(ERROR_MESSAGE2);
}

function error($string)
{
return '<div class="alert alert-danger alert-dismissable"></button><strong>ERROR:</strong> '.$string.'</div>';
}

function success($string)
{
return '<div class="alert alert-success alert-dismissable"></button><strong>SUCCESS:</strong> '.$string.'</div>';
}
// End phpBB DB Connection Info*/
?>
<html>
<head>
<title>MD5 2 phpBB Bcrypt</title>
<style>
body{
	background-color: #151515;
}
.content{
	margin-top: -10px;
	background-color: #303030;
	color: white;
	width: 50%;
	padding: 35px 35px 35px 35px;
	box-shadow: 0px 5px 10px #000;
}
.subcontent{
	background-color: #202020;
	color: white;
	width: 65%;
	padding: 35px 35px 35px 35px;
	border-radius: 5px;
	box-shadow: inset 0px 0px 15px #000;
}
.separator{
	width: 50%;
	background-color: #151515;
}
.title{
	font-size: 22px;
	font-weight: bold;
}
.sub{
	inline-size: 49%;
    overflow-wrap: break-word;
	margin-top: -15px;
	margin-bottom: 15px;
}
.input{
  width: 50%;
  padding: 12px 20px;
  margin: 8px 0;
  display: block;
  border: 1px solid #ccc;
  border-radius: 4px;
  box-sizing: border-box;
}
input[type=submit] {
  width: 25%;
  background-color: #4CAF50;
  color: white;
  padding: 14px 20px;
  margin: 8px 0;
  border: none;
  border-radius: 4px;
  cursor: pointer;
}

input[type=submit]:hover {
  background-color: #45a049;
}
</style>
</head>
<body>
<center>
<div class="content">
<p class="title">MD5 Password database to PHPBB Bcrypt 10 Cost by DeadlineEm @ <a href="https://kaos-inc.ga/">KAOS Inc</a><br /></p>
</div>
<p class="separator"></p>
<div class="content" style="height: 25px;">
<p class="sub" style="float: left;">This script is for use if you have a database that uses MD5 password encryption and you want to incorporate your sites users to a phpBB forum.</p>
<p class="sub" style="float: left;">You would enter your main site database connection/table information and your phpBB database information inside this file.</p>
</div>
<p class="separator"></p>
<div class="content">
<!--POST Form-->

<form method="POST" action="" autocomplete="off" style="margin-top: 50px;">

<label for="password" style="margin-bottom: 15px;">Enter a username and password then click generate to create your phpBB forum account easily!</label>
<input class="input" type="text" name="username" id="username" placeholder="Username (test-user)" autocomplete="off" />
<input class="input" type="password" name="password" id="password" placeholder="Password (testPass1)" autocomplete="off" />
<input type="submit" name="submit" id="submit" value="Generate" />
</form>
<span>Try it out!  Type in test-user : testPass1</span>
<br />
<span>Want to see it without the test information?  Type in real-user : realPass1</span>
<!--End Form-->

<?php
if(isset($_POST['submit']))
{
	
	$testUser = "test-user";
	//Delete the test user from the database, every time the form is submitted by somebody
	$SQL = $odb -> prepare("DELETE FROM phpbbn4_users_test WHERE `username` = :user");
	$SQL -> execute(array(":user" => $testUser));	
	
$enteredUser = $_POST['username']; // Optionally can be changed to $_SESSION['username']; for a user who is logged in on your site, removing the need for the manual username entry, just password verification.
$enteredPasswd = $_POST['password'];
$validPass = MD5($enteredPasswd); // Validates the entered password matches the users MD5 password on the Main database
if(empty($enteredUser) || empty($enteredPasswd))
{
	die('<p class="subcontent" style="color: red;">ERROR: You need to enter a VALID username and password <br />(Example: test-user*testPass1 OR real-user*realPass1 )</p>');
}
else
{
	echo '<p class="subcontent">';
echo "Processing conversion...<br />";
echo "Conversion Results:<br /><br />";

// Retrieve the necessary information to create a user, this will gather all the users information ONLY after they enter their password AND it validates it.

$SQL = $odb -> prepare("SELECT * FROM `Dummy` WHERE `username` = :user && `password` = :pass");
$SQL -> execute(array(":user" => $enteredUser, ":pass" => $validPass));
					foreach($SQL as $row)
					{
											//This section reads the unformation you entered and checks your main database for the user/password combo.  If it matches, it converts the username, password email and IP
											$user = $row['username'];
											$userClean = strtolower($user); // lowercase username for username_clean in phpbb
											$email = $row['email'];						
											// Each $value in your database you want to enter to phpbb you can prepend here like the three shown above. Password is set by the form.
											
											if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
											  $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];  // Gets the users real current IP for phpBB user_ip
											}
											$ipAddr = $_SERVER['REMOTE_ADDR'];
											$options = ['cost' => 10];			// Bcrypt cost and Password encryption with Bcrypt
											$pass = password_hash($enteredPasswd, PASSWORD_BCRYPT, $options)."\n";
												// Change to $odb2 if using second connection
											$SQL2 = $odb -> prepare("SELECT * FROM `phpbbn4_users_test` WHERE `username` = :user");
											$SQL2 -> execute(array(":user" => $user));
											foreach($SQL2 as $row)
											{
												$userCheck = $row['username'];
											}
											if(empty($userCheck))
											{
											// Now that the main information is retrieved from your database and verified, connect to the phpBB database and insert it!
											
													// Change to $odb2 if using second connection
											$SQLinsert = $odb -> prepare("INSERT INTO `phpbbn4_users_test` (username, username_clean, user_password, user_email, user_ip) VALUES (:userName, :clean, :passWord, :Email, :ip)"); // Edit these values and the ones below with more entries gathered from your own user system above that you added in : $value = $row['value'];.
											$SQLinsert -> execute(array(":userName" => $user, ":clean" => $userClean, ":passWord" => $pass, ":Email" => $email, ":ip" => $ipAddr));
											
											echo "Information successfully converted and inserted into your phpBB table!";
											echo "<br /><br />";
											
												if(isset($email))
												{
													/*These are for testing purposes only, used to display the values written/retrieved from the database to make sure things work. */
										
											echo "Username: ".$user."<br />";
											echo "Username-Clean: ".$userClean."<br />";
											echo "Email: ".$email."<br />";
											echo "IP: ".$ipAddr."<br />";
											echo "Original Password: ".$enteredPasswd."<br />";
											echo "MD5: ".$validPass."<br />";
											echo "Bcrypt: ".$pass."</p><br /><br />";
												}
												if($user == "test-user")
												{
													echo "<p class='subcontent'>The data above shows the information converted and inserted into the phpbbn4_users table, this is customizable in the php file to add/remove fields that you may need to convert your table to phpbb.</p>";
													echo "<p class='subcontent'>NOTE: This script DOES NOT add information to the phpbbn4_user_group table, but can be modified to also do that as well.</p>";								
												}
												if($user == "real-user")
												{
														$testUser = "real-user";
														//Delete the test user from the database, every time the form is submitted by somebody
														$SQL = $odb -> prepare("DELETE FROM phpbbn4_users_test WHERE `username` = :user");
														$SQL -> execute(array(":user" => $testUser));
														
														echo "Real User has been removed from the phpbb database after the query, reinsert the users credentials to see the fresh output again.";
												}
											}
											else
											{
												die("A user with the username: ".$userCheck." was found in the phpBB database already!");
											}
										}
										if(empty($user))
										{
											die("Uh Oh!  Looks like I couldn't find the username: ".$enteredUser." in the MAIN Database.");
										}
					}
}					
					?>
					<!--
					
					This information is here so you can write your own values where they need to go in the database tables.  This script does not write to the user_group table
					
					
					PHPBB Users Table Structure:
					phpbb_users 
					(user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_from, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_website, user_occ, user_interests, user_actkey, user_newpasswd) 
					VALUES 
					(3, 5, 'Admin', 'admin', 0, '21232f297a57a5a743894a0e4a801fc3', '[email protected]', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
					
					PHPBB Users Group Table Structure:
					phpbb.phpbb_user_group ( group_id , user_id , group_leader , user_pending) 
					VALUES 
					(GROUP_ID, USER_ID,  '0',  '0');
					
					-->
					
					</div>
					</center>
					</body>
					</html>


The working test page for this script is Located Here

DO NOT WORRY, the code was copy/pasted directly, this does not save your information, if you are really worried though, feel free to test using a VPN. Enjoy and feel free to contact me for help with custom coding!
Post Reply

Return to “phpBB Custom Coding”