Announcement

Collapse
No announcement yet.

SMF Migration - Passwords

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SMF Migration - Passwords

    I have read on this forum that vBulletin can not preserve passwords of users while migrating from SMF, due to using different hash functions. So, I was thinking about using a 2-4 weeks pre-migration phase, during which you do the following:

    1. In your SMF db, create a table as: vbpasswords(username, hashedpwd, date)

    2. Modify SMF authentication code such that: at the point where you check user entered -> hashed password vs db password, if the login is successful, rehash the password according to the vBulletin hashing mechanism, given that at this point you have access to what user entered (as password) this should not be a problem.

    3. Insert the username, vBulletin hashed password you got from (2) into the table from (1). Of course you need to take care of duplicate elimination, etc.

    4. After the 2-4 weeks pre-migration phase, migrate your forum into vBulletin, and update vBulletin user table rows with passwords from (1)

    This will not solve the problem entirely, but at least it will resolve a majority of users, at least the active users that you care most about.

    So, my question at this point is: what is the exact hashing mechanism for vBulletin, is it something like:

    md5(md5(password) + salt);

    if so, what is the salt? Is it a hardcoded string, or a configurable one, or a function of other data such as username, etc.? Since I won't have access to the code before I buy vbulletin, I can't check what the exact mechanism is, and I really don't want to buy vBulletin during the pre-migration phase and waste 1 month of registration fees.

    Thanks.

  • #2
    Or do this :

    http://www.vbulletin.com/docs/html/impex_passwords

    You could mod the source database to store the password as plain text in one field, then mod the importer to import from that field during your import.
    I wrote ImpEx.

    Blog | Me

    Comment


    • #3
      I thought about that, but even if it is for a transition period, it really is always risky to store clear password text anywhere at any time. That is why I was thinking of storing it in the vb hashed format.

      As for e-mailing everyone, I really don't think that is viable at all, since many email systems might treat system e-mails as spam, people might have changed their e-mails, this that... It will cause too much headache I think.

      Comment


      • #4
        You could also just store it as MD5, at least I think so, Jerry would know.

        Comment


        • #5
          Originally posted by dcabbar
          I thought about that, but even if it is for a transition period, it really is always risky to store clear password text anywhere at any time. That is why I was thinking of storing it in the vb hashed format.
          True, plain is bad, though if you can store them as MD5, ImpEx can still import them.
          I wrote ImpEx.

          Blog | Me

          Comment


          • #6
            What is the latest with the password import? Emailing members to change simply isn't a viable option. I know that Invision can import SMF passwords, so surely this should now be possible?

            I would like to try some of the above methods, but I'm not sure that I'm technical enough.

            What's the latest on this? Thanks.

            Comment


            • #7
              Originally posted by Jerry
              True, plain is bad, though if you can store them as MD5, ImpEx can still import them.
              Hi Jerry,

              Thanks for the reply. But, can you please confirm one more time that this is the case?

              I modified SMF code to store all user entered password in the database in a special table, basically my code stores the userid and md5($_REQUEST['passwrd']) in this table.

              Later on, at the point of the migration, I will put these passwords into the password field of the smf users table. So, this will be enough to import users' passwords into vBulletin, right?

              Sorry for asking this twice, but if I do this wrong, I will loose about 2-3 weeks (since pre-migration task of collecting passwords will take that much), so I am just trying to make sure.

              Thanks...
              Last edited by dcabbar; Tue 28 Mar '06, 12:34am.

              Comment


              • #8
                Realize that less than 5% of a forum's registered members are typically active members (posting or visiting at least once a month). If someone isn't diligent enough to keep a valid e-mail address on file with me, their membership isn't really all that important to me.

                Comment


                • #9
                  There is a mod for preserving SMF passwords. It requires editing the code in a file or two. Vbulletin does not support code modifications so its use at your own risk although it seems to have worked fine for many others.

                  http://www.vbulletin.org/forum/showthread.php?t=97243

                  edit: looks like its not working with 3.5.4 ... I am not sure what changed but the mod itself isn't very complicated if you want to attempt to work it out.
                  Plan, Do, Check, Act!

                  Comment


                  • #10
                    Originally posted by feldon23
                    Realize that less than 5% of a forum's registered members are typically active members (posting or visiting at least once a month). If someone isn't diligent enough to keep a valid e-mail address on file with me, their membership isn't really all that important to me.
                    Losing forum members may not be important to you, but it is to many others.

                    Intelligence has nothing to do with it. Many people are smart enough to sign up for forums (and other online tools) with secondary email addresses, such as Hotmail or Yahoo, because they are concerned about potential spam. Often these are unused for a while and so expire and need resetting.

                    Other people move jobs or change their email adresses for numerous reasons and, funnily enough, membership of an online forum is not topmost in their mind when they do so.

                    But they may still be valued members.

                    Comment


                    • #11
                      Originally posted by Reeve of Shinra
                      There is a mod for preserving SMF passwords. It requires editing the code in a file or two. Vbulletin does not support code modifications so its use at your own risk although it seems to have worked fine for many others.

                      http://www.vbulletin.org/forum/showthread.php?t=97243

                      edit: looks like its not working with 3.5.4 ... I am not sure what changed but the mod itself isn't very complicated if you want to attempt to work it out.
                      Thanks for the link Reeve of Shinra, I'll keep an eye on that topic - although it doesn't look promising so far. I couldn't possibly work it out, I am pretty far from being a PHP coder.

                      I wonder if it would still be possible to buy a copy of 3.5.0, then import the uers and passwords and then upgrade to 3.5.4. Anyone form vB able to confirm if this is possible?

                      But it would really be far more useful if vBulletin themselves would support importing of SMF passwords. If Invision can do it, surely these guys can?

                      Comment

                      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                      Working...
                      X