Announcement

Collapse
No announcement yet.

xenforo to vBulletin importer

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    It would be nice if IB would find a way to say "go for it" to Andreas. i.e. Andreas releasing sprints for vb4, instead of releasing on vb.org
    I buy 420 forums

    Comment


    • #17
      Little off topic guys lol. Anyway so which would be preferable. Andreas, or IPB converter?

      Comment


      • #18
        Originally posted by JohnnyMcKinney View Post
        Little off topic guys lol. Anyway so which would be preferable. Andreas, or IPB converter?
        Probably Andreas' convertor. You don't have to go through two conversions then.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API - Full / Mobile
        Vote for your favorite feature requests and the bugs you want to see fixed.

        Comment


        • #19
          I've tested the impex modul from andreas and it worked without any problems for the standard content
          Not sent from my iPhone and not using any browser attaching any 3rd party advertisement to my posts

          Comment


          • #20
            Anyway to make it accept current xf password and force them to change the password?

            Comment


            • #21
              Originally posted by JohnnyMcKinney View Post
              Anyway to make it accept current xf password and force them to change the password?
              Without custom code (Plug-ins): No.

              But doing smth. like giving imported users an erorr when the login fails and let them input their unhashed password to to a "XF auth" and then store it for vBulletin isn't actually thaat complicated.

              Comment


              • #22
                Originally posted by Andreas View Post
                Without custom code (Plug-ins): No.

                But doing smth. like giving imported users an erorr when the login fails and let them input their unhashed password to to a "XF auth" and then store it for vBulletin isn't actually thaat complicated.
                That just went over my head lol.

                Comment


                • #23
                  Originally posted by JohnnyMcKinney View Post
                  That just went over my head lol.
                  it isn't possible without additional programming.
                  Translations provided by Google.

                  Wayne Luke
                  The Rabid Badger - a vBulletin Cloud demonstration site.
                  vBulletin 5 API - Full / Mobile
                  Vote for your favorite feature requests and the bugs you want to see fixed.

                  Comment


                  • #24
                    Originally posted by Wayne Luke View Post
                    it isn't possible without additional programming.
                    i understood that part haha.

                    Comment


                    • #25
                      Originally posted by s.molinari View Post
                      I disagree with such a system giving an error, when the password doesn't match the vB hash though. How would the system know the user just didn't properly type in the password? This "imported password correction system" should just simply happen, as soon as the password doesn't match against the XF hash for the first login.
                      This is technically impossible (without compromising security at least a bit):
                      vBulletin does not transfer the plaintext password but only it's MD5 hash.

                      To be able to authenticate against a XF scheme the plaintext password would be required, so if you want this to happen automatically you would have to remove the MD5-Hashing for all logins.

                      XF can handle different authentication schemes because it does always transfer the plaintext password.

                      Granted that MD5-Hashes are not that hard to break, it makes it at least a bit more difficult for the occasional "sniffer", if this is removed I personally would at least recommend to use SSL for logins.

                      Comment


                      • #26
                        That's basically what I said before

                        Reject the first (MD5) authentication attempt with an error and try again with the plaintext password (against the foreign authentication scheme) if the account is flagged - if it succedes update the password, if not produce an error.
                        Wether that happens visibly or "behind the scenes" are implementation details.

                        Comment


                        • #27
                          However, if the account isn't already flagged as "correct" through the vB authentication scheme (like it was freshly imported), then you don't need to send out a form which will hash the password at the first attempt.
                          ... which means that all logins will work without hashing, as you don't know who is going to log in (a "vB account" or a "XF account") before he/she has attempted to log it, the server just sees a guest
                          I don't see any way to avoid two authentication attempts if you don't want give up on hasing at all (unless you want to introduce some "preflight AJAX call" just to check if an account with the entered username does exist and is not yet flagged).

                          you don't have to reject the first attempt to ask for the password again.
                          Rejecting the first attempt does not necessarily mean to ask again, the first attempt (and reject) could be handled silently - the user wouldn't even notice the first attempt was jerected.
                          Baut as said before, those would be just implementation details.
                          Last edited by Andreas; Mon 4th Jun '12, 11:25am.

                          Comment

                          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                          Working...
                          X