Author Topic: Import users from PhpBB3?  (Read 5119 times)

Archadian

Import users from PhpBB3?
« on: August 31, 2009, 06:01:45 PM »

I've been working on this thing for almost two days and I'm ashamed to say I have had little progress. And, so, here I am asking for your help, if you will give it.

Okay so you'd think that copying users from one table to another would be easy, but phpbb3 encrypts all passwords with MD5 and then SALT so the only way I can get the passwords right is by doing something like this (which is already collecting passwords):

Code:
// Runs when a user logs in to the forum: stores an unsalted MD5 of the submitted password
$md5new_password = md5( $_REQUEST['password'] );

$sql = "UPDATE " . USERS_TABLE . "
      SET md5new_password = '$md5new_password'
      WHERE user_id = " . $row['user_id'];
$db->sql_query($sql);

That happens when someone logs in. Basically, it adds an MD5-only encrypted password to a new database table row.

So, I have a few passwords in there including my own and "RawrZ0r" my test user.

Then I try adding the users to the sNews database in SQL:
Code:
INSERT INTO users (id, username, username_real, password)
SELECT user_id, username, username_clean, md5new_password
FROM   phpbb_users;

I thought - wrongly - that this would work. But apparently that's not the case. I don't have much experience in the way of SQL unfortunately, as design is more my forte. If anybody has any tips, I'd be eternally grateful.

EDIT: Forgot to say -why- it doesn't work! It all imports fine, but when I try and log in sNews-side it says "Wrong username and/or password and/or sum entered."
« Last Edit: August 31, 2009, 06:07:53 PM by Archadian »

Joost
Re: Import users from PhpBB3?
« Reply #1 on: August 31, 2009, 06:35:32 PM »

Is the salt added when verification (login) takes place?
sNews has to be modified to be able to use the salt.
« Last Edit: August 31, 2009, 06:39:15 PM by Joost »

Archadian
Re: Import users from PhpBB3?
« Reply #2 on: August 31, 2009, 06:52:02 PM »

But that's what this code is for:
Code:
// Runs when a user logs in to the forum: stores an unsalted MD5 of the submitted password
$md5new_password = md5( $_REQUEST['password'] );

$sql = "UPDATE " . USERS_TABLE . "
      SET md5new_password = '$md5new_password'
      WHERE user_id = " . $row['user_id'];
$db->sql_query($sql);

When people log in to the forum, it takes the raw password and encrypts it to md5 (which is what sNews uses, right?) and then puts it into the md5new_password row, which then gets imported to the password row of sNews. So I'm pretty sure that I wouldn't have to use salt. If, for some reason, that's wrong, I'll look up the salt hashing for phpbb3 and post it here.

Joost
Re: Import users from PhpBB3?
« Reply #3 on: August 31, 2009, 07:01:36 PM »

sNews needs the md5(salt + password) to check against the hash in the database.
I am pretty sure phpbb3 does the same.

Archadian
Re: Import users from PhpBB3?
« Reply #4 on: August 31, 2009, 07:13:53 PM »

Not sure if this helps:

sNews PW: 21232f297a57a5a743894a0e4a801fc3
Phpbb3 PW: $H$9.YspNMrf7o/Qp0S4t.VpbWJWWe07A.
Phpbb3 PW (with above md5 script): 04cfc1c6710a065c367235d2f40775b9

Pretty sure that sNews uses only $md5('password') and Phpbb3 uses $md5($salt('password')). * Still not entirely sure, though.

Found this:
Code:
$password = request_var('password','');
$password_hash = phpbb_hash($password);
trigger_error('The password that was entered is hashed as:<hr/>'.$password_hash);

And in phpbb3/includes/functions.php:

Code:
function phpbb_hash($password)
{
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    $random_state = unique_id();
    $random = '';
    $count = 6;

    if (($fh = @fopen('/dev/urandom', 'rb')))
    {
        $random = fread($fh, $count);
        fclose($fh);
    }

    if (strlen($random) < $count)
    {
        $random = '';

        for ($i = 0; $i < $count; $i += 16)
        {
            $random_state = md5(unique_id() . $random_state);
            $random .= pack('H*', md5($random_state));
        }
        $random = substr($random, 0, $count);
    }

    $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);

    if (strlen($hash) == 34)
    {
        return $hash;
    }

    return md5($password);
}

Could I modify sNews to use this?

If all goes well, we could end up making a sNews ~ PhpBB3 bridge.

Joost
Re: Import users from PhpBB3?
« Reply #5 on: August 31, 2009, 07:54:18 PM »

Quote: "Pretty sure that sNews uses only $md5('password') and Phpbb3 uses $md5($salt('password')). * Still not entirely sure, though."

I am pretty sure too. That means you have to modify sNews to make it compatible.

Quote: "Could I modify sNews to use this?"

I haven't got a clue what it is doing.
Does it generate a unique salt for every password?
Is this unique salt stored in a separate field?

Anyway, I see no reason why adding this code is not possible.

Archadian
Re: Import users from PhpBB3?
« Reply #6 on: August 31, 2009, 08:10:43 PM »

Yes it does generate a unique salt for every password. The problem is I already have ~150 registered members, that's why I was hoping to get it working with just the md5 encrypted passwords as they would be the same.
Logged
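
As an added example (not part of the original thread, and not sNews or phpBB code): a `$H$` value already carries its own iteration count and salt, so an imported phpBB3 hash can be checked at login without collecting plaintext passwords into an unsalted MD5 column. The function names, and the idea of copying the phpBB3 value unchanged into the sNews password column, are assumptions.

```php
<?php
// Added example (not sNews or phpBB code). Function names are hypothetical; it assumes
// the phpBB3 user_password value was copied unchanged into the sNews password column.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Base64 variant of the portable format: 6 bits at a time, low bits first.
function encode64(string $input, int $count): string
{
    $map = ITOA64;
    $out = '';
    $i = 0;
    do {
        $value = ord($input[$i++]);
        $out .= $map[$value & 0x3f];
        if ($i < $count) { $value |= ord($input[$i]) << 8; }
        $out .= $map[($value >> 6) & 0x3f];
        if ($i++ >= $count) { break; }
        if ($i < $count) { $value |= ord($input[$i]) << 16; }
        $out .= $map[($value >> 12) & 0x3f];
        if ($i++ >= $count) { break; }
        $out .= $map[($value >> 18) & 0x3f];
    } while ($i < $count);
    return $out;
}

// Recompute a "$H$" hash using the cost and salt embedded in the stored value.
function portable_hash(string $password, string $stored): ?string
{
    if (strlen($stored) !== 34 || !in_array(substr($stored, 0, 3), ['$H$', '$P$'], true)) {
        return null;
    }
    $log2 = strpos(ITOA64, $stored[3]);          // character 4 encodes log2(rounds)
    if ($log2 === false || $log2 < 7 || $log2 > 30) { return null; }
    $hash = md5(substr($stored, 4, 8) . $password, true);   // characters 5-12 are the salt
    for ($n = 1 << $log2; $n > 0; $n--) {
        $hash = md5($hash . $password, true);
    }
    return substr($stored, 0, 12) . encode64($hash, 16);
}

// Login check accepting imported "$H$" hashes and plain md5(password) hex values.
function verify_imported(string $password, string $stored): bool
{
    $calc = preg_match('/^[0-9a-f]{32}$/', $stored) ? md5($password) : portable_hash($password, $stored);
    return $calc !== null && hash_equals($stored, $calc);
}

// Constructed sample: made-up password and salt, cost character '9' (2^11 rounds).
$sample = portable_hash('correct horse', '$H$9abcdefgh' . str_repeat('.', 22));
var_dump(verify_imported('correct horse', $sample), verify_imported('wrong', $sample));
```

After a successful check, the login code can replace the stored value with the output of `password_hash()`, so both MD5-based formats are phased out as members log in.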