I did, thanks. We already have something implemented for logging in, which is working fine. The only issue I had was that we were automatically generating a password for the users for vbulletin (and other ancillary services) by creating a hash of some ids and timestamps (something we can generate on the fly, and not need to store). VBulletin is not handling an md5 hash as a password string, so we had to come up with a different hashing method. Python's hash() function works for us, as long as the integer returned is not negative, so we just strip out the dash if it exists.
MD5 hashed passwords don't seem to be working
Collapse
X
-
Also, I get an error every time I try to post a reply:
Error while saving content: SyntaxError: JSON.parse: unexpected character at line 1 column 12 of the JSON dataLeave a comment:
-
thisIsmyl0ngp@$5wordString - supported
a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6 - supported
sometimesthebestpasswordsarejustalongsentance - supported
b3c2146889e90f661ec1a24f8c463e8e - not supported
bccbadf437e28fffaecaabdf9cdfce1e - not supported
Or are you saying that the encoding of the password does not support md5 as an encoding method?
*Edited for clarificationLast edited by keef0r; Wed 30 Dec '15, 5:16pm.Leave a comment:
-
Wayne Luke I get the feeling you didn't really read my post, and just gave me a canned response on how passwords are stored and how to update a password via an SQL statement, like I was locked out of my account.
I have no problem actually setting a password. The problem arises when I use specific a password format. Is there any reason why I can't set my password (the actual password) as an md5 hash?
It isn't supported!.. . Nor should it be supported in current versions of vBulletin. You cannot use a format that is not supported.Leave a comment:
-
Are you calling the vB user API to login to vB? The 3rd parameter of the login() method is the md5 password. You can set the 2nd parameter (the plain text password) as null.
Code:$username = 'usertest'; $password_md5 = md5('test123'); $api = Api_InterfaceAbstract::instance(); $loginInfo = $api->callApi('user', 'login', array($username, null, $password_md5));
Leave a comment:
-
Again, I'm not talking about what VBulletin uses to store passwords, I'm talking about the actual password string. If I set my password to the following, I am unable to login with it:
b3c2146889e90f661ec1a24f8c463e8e
I am not talking about setting this value in the database, or using some script. I mean I literally assign the password as that string. If I set it as such, the system tells me the username or password are invalid, even though the same string is still in my clipboard from when I pasted it into the password field of the user profile in the admin section (so I know I haven't typed it in wrong, or whatever).
However, if I set it to the following (non-md5 compliant string), I am able to login without issue:
bccbadfhhieijfffaecaabdfhcdfcehe
To me this seems that whatever validation the system uses to verify the authenticity of the password, is choking if it is an md5 string.
Regardless, we moved on from using md5 and are using python's hash() function, which just returns an integer. I did however notice another issue with your password validation: if the password starts with a dash (as in a negative integer), the system throws an invalid_password_scheme error. We have circumvented this by just stripping off any proceeding dash in our generation function.
At this point I no longer need any support, but I would still like an answer. Please let me know if I haven't been clear enough on what the actual issue is.Leave a comment:
-
As Wayne has mentioned, vB5 doesn't use an MD5 hashed password by default. The default password scheme is a Blowfish Scheme.Leave a comment:
-
Wayne Luke I get the feeling you didn't really read my post, and just gave me a canned response on how passwords are stored and how to update a password via an SQL statement, like I was locked out of my account.
I have no problem actually setting a password. The problem arises when I use specific a password format. Is there any reason why I can't set my password (the actual password) as an md5 hash?Leave a comment:
-
As of vBulletin 5.1.0, we don't use an MD5 hashed password by default. The default password scheme is a Blowfish Scheme. Please see the 5.1.0 Release Candidate release announcement for more information. http://www.vbulletin.com/forum/forum...ate-1-released
You should be able to assign a temporary password using this query:
Code:UPDATE vb_user AS user SET token = concat(MD5(concat(MD5('pass1234'), user.token)),' ', user.token), scheme = 'legacy' WHERE userid = 1;
Leave a comment:
-
MD5 hashed passwords don't seem to be working
We are working on a Single Sign On script, where the user logs into our system, and they are automatically signed into their corresponding VBulletin account as well. We are setting their VB password as an md5 hash of some values, but it is not working. I have tried manually updating the user's password with the admin account, and I have found the following behavior:
If I set the password to `b3c2146889e90f661ec1a24f8c463e8e` it tells me "You have entered an invalid username or password."
If I try `mytestpassmytestpassmytestpassmytestpass` I am able to login, and with that I was able to confirm its not a password length issue.
If I try converting numbers in the original hash to its corresponding letter, it works: `bccbadfhhieijfffaecaabdfhcdfcehe`
But if I replace the non hex letters with random numbers in the string above, it doesn't work: `bccbadf437e28fffaecaabdf9cdfce1e`
Based on this behavior it seems that the VB5 system has issues trying to validate a password that is a valid md5 hash. Is this the case? Are there any work arounds?
Any help would be much appreciated.
Related Topics
Collapse
-
by petecHi,
We were running an old v3 forum and linked this to our in house systems so we could sync the users password across our system and the forum.
Since upgrading to v5.6.4 this...-
Channel: Support Issues & Questions
Fri 23 Oct '20, 8:31am -
-
by seachemI was prompted to reset my admin password today. I followed the link that says "Please change your password using this page." but before I can do anything it goes back to the previous page where...
-
Channel: Support Issues & Questions
Fri 28 Sep '18, 6:52am -
-
by sergiomcHello, I would like to know how to reset the password for all users, is this possible?
Send a new random password or re send a reminder with the same password that they have....-
Channel: Support Issues & Questions
Mon 24 Jun '13, 8:28am -
Leave a comment: