How do I derive the bbpassword hashed password value stored in the cookie from the user.password value as stored in the database for a given user?
I need to be able to do this so I can fix the LDAP authentication plugin here http://www.vbulletin.org/forum/showthread.php?t=196596 which is not setting the cookie bbpassword when it sets user passwords, so its not obeying the 'remember me' tick box
The process is documented in numerous places as:
where license_id is the 'VBF*******' value of your license and $salt is user.salt value from the db.
However when I code this, I do not get the same hashed value as what is stored in the cookie.
Note that I can successfully generate the user.password hash as stored in the database with md5(md5($password) + $salt).
The code I am using is very simply:
The $calc_db_pwd matches the hashed value stored in the database for the user in question, but the $calc_cookie_pwd produced does not match the bbpassword value in the cookie.
I'm really stumped here. I think I'm doing exactly what has been documented but no go.
Has the way the cookie pwd is being generated changed recently?
Would really appreciate some help on this one
I need to be able to do this so I can fix the LDAP authentication plugin here http://www.vbulletin.org/forum/showthread.php?t=196596 which is not setting the cookie bbpassword when it sets user passwords, so its not obeying the 'remember me' tick box
The process is documented in numerous places as:
Code:
md5(md5(md5($cleartext_password) + $salt) + $license_id)
However when I code this, I do not get the same hashed value as what is stored in the cookie.
Note that I can successfully generate the user.password hash as stored in the database with md5(md5($password) + $salt).
The code I am using is very simply:
Code:
<?php $db_link = mysql_connect('localhost', 'root', 'xxxxxx') or die('Could not connect: ' . mysql_error()); mysql_select_db('vbull') or die('Could not select database'); $users_query = "select salt, password from vbull.user where username = 'xxxxx.xxxxx'"; $results_cursor = mysql_query($users_query) or die($query.' - Query failed: ' . mysql_error()); while ($user_row = mysql_fetch_array($results_cursor, MYSQL_ASSOC)) { $db_pwd = $user_row['password']; $db_salt = $user_row['salt']; } $calc_db_pwd = md5(md5('cleartextpassword') . $db_salt); echo 'calc_db_pwd: ' . $calc_db_pwd . ' stored_db_pwd: ' . $db_pwd . '<br>'; $calc_cookie_pwd = md5($calc_db_pwd .'VBFxxxxxxx'); echo 'calc cookie bbpassword: ' . $calc_cookie_pwd . '<br>'; ?>
I'm really stumped here. I think I'm doing exactly what has been documented but no go.
Has the way the cookie pwd is being generated changed recently?
Would really appreciate some help on this one
Comment