Announcement

Collapse
No announcement yet.

how to import SMF passwords?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to import SMF passwords?

    I very much would like to import my SMF passwords. I'm afraid that I'll lose subscribers if I make them jump through the hoop of resetting it. I've seen some messages on the board saying this is now supported, and some messages saying that it's not possible and users must reset it.

    Is there a way I can import the SMF passwords?

  • #2
    I reset the password for my test account (using the same password in vBulletin as I did in SMF) and took a look at what was stored in vBulletin versus SMF. They are different.

    How are passwords stored in vBulletin? If the password in SMF can be decoded (isn't just a hash), I'm happy to write a script that will decode the SMF password and then encode it in the way vBulletin requires - I just need to know what this is (and whether the SMF password can be decoded). Can anyone shed light?

    Comment


    • #3
      In short this can't be done.

      The SMF passwords that I've seen are md5(md5(password) . salt)) the same way vBulletin stores them, but the salts are diffrent.

      A hash is one way, there is no way of going back on it, and with a salt it makes it all the more tricky.

      For a users to reset their password is very easy and you could say that its ongoing efforts in imporving security ?
      I wrote ImpEx.

      Blog | Me

      Comment


      • #4
        Replacing the vBulletin salt with the one used by SMF isn't hard, but it looks like you're doing a double-hash, which makes it less straightforward. I still might be able to do it (if only I could see where password_md5 is set), but I'm not sure it's a good idea. The vBulletin method is more secure, and I don't really want to start hacking - it creates a myriad of problems down the road.

        Still, I'm worried about losing members. I saw a post from someone else saying that the necessity of resetting passwords killed his community, and I really don't want that to happen. I'm thinking of putting up a page at the location of the old forum that explains exactly what to do and then uses meta refresh to redirect - something to make it more user-friendly.

        Comment


        • #5
          Originally posted by permutations
          Replacing the vBulletin salt with the one used by SMF isn't hard, but it looks like you're doing a double-hash, which makes it less straightforward. I still might be able to do it (if only I could see where password_md5 is set), but I'm not sure it's a good idea. The vBulletin method is more secure, and I don't really want to start hacking - it creates a myriad of problems down the road.
          I've had this asked for many a time, mostly with IPB as its a case of "can't you just hack the dB to get it in" and the answer always has to be no, the primary requirment of ImpEx is not to break vBulletin and its data, secondly to import data.

          Originally posted by permutations
          Still, I'm worried about losing members. I saw a post from someone else saying that the necessity of resetting passwords killed his community, and I really don't want that to happen. I'm thinking of putting up a page at the location of the old forum that explains exactly what to do and then uses meta refresh to redirect - something to make it more user-friendly.
          I've seen a few people claim this before an import though I've not seen any evidence of it afterwards. Re-setting a password is very trivial for a user, entering their email address in one form, clicking enter, checking their email and following a link, then resetting it to what ever they like.
          I wrote ImpEx.

          Blog | Me

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...
          X