I have read on this forum that vBulletin can not preserve passwords of users while migrating from SMF, due to using different hash functions. So, I was thinking about using a 2-4 weeks pre-migration phase, during which you do the following:
1. In your SMF db, create a table as: vbpasswords(username, hashedpwd, date)
2. Modify SMF authentication code such that: at the point where you check user entered -> hashed password vs db password, if the login is successful, rehash the password according to the vBulletin hashing mechanism, given that at this point you have access to what user entered (as password) this should not be a problem.
3. Insert the username, vBulletin hashed password you got from (2) into the table from (1). Of course you need to take care of duplicate elimination, etc.
4. After the 2-4 weeks pre-migration phase, migrate your forum into vBulletin, and update vBulletin user table rows with passwords from (1)
This will not solve the problem entirely, but at least it will resolve a majority of users, at least the active users that you care most about.
So, my question at this point is: what is the exact hashing mechanism for vBulletin, is it something like:
md5(md5(password) + salt);
if so, what is the salt? Is it a hardcoded string, or a configurable one, or a function of other data such as username, etc.? Since I won't have access to the code before I buy vbulletin, I can't check what the exact mechanism is, and I really don't want to buy vBulletin during the pre-migration phase and waste 1 month of registration fees.
Thanks.
1. In your SMF db, create a table as: vbpasswords(username, hashedpwd, date)
2. Modify SMF authentication code such that: at the point where you check user entered -> hashed password vs db password, if the login is successful, rehash the password according to the vBulletin hashing mechanism, given that at this point you have access to what user entered (as password) this should not be a problem.
3. Insert the username, vBulletin hashed password you got from (2) into the table from (1). Of course you need to take care of duplicate elimination, etc.
4. After the 2-4 weeks pre-migration phase, migrate your forum into vBulletin, and update vBulletin user table rows with passwords from (1)
This will not solve the problem entirely, but at least it will resolve a majority of users, at least the active users that you care most about.
So, my question at this point is: what is the exact hashing mechanism for vBulletin, is it something like:
md5(md5(password) + salt);
if so, what is the salt? Is it a hardcoded string, or a configurable one, or a function of other data such as username, etc.? Since I won't have access to the code before I buy vbulletin, I can't check what the exact mechanism is, and I really don't want to buy vBulletin during the pre-migration phase and waste 1 month of registration fees.
Thanks.
Comment