Announcement

Collapse
No announcement yet.

IPS said, this is your job

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • IPS said, this is your job

    We want to move from IPB to VBB and members do NOT need to reset their passwords (we got tons of members)

    "Again", we asked on IPB to see "why not", they said

    from Mark, IPS staff

    believe our convertor imports the passwords from the VB database and uses the VB method of logging in until the user signs in successfully whereupon it starts using the IPB method of logging in for them.

    There's no reason I can think of that vBulletin can't do that - it's not our job to provide an IPB to VB convertor - that's their job, and it's not our fault if they can't figure out how.
    Where $member is the information stored in the ibf_members_converge table

    Code:
    $member['converge_pass_hash'] = md5( md5( $member['converge_pass_salt'] ) . md5($password) );
    From the way they replied, they believe their script is more secure and "better technology skills" than VBB

    Anyway, secriously asking "again", could Impex to figure out a solution please?

    Note: I know there is a module/fix, but not from official, which I hasitate to use it


  • #2
    After importing with Impex, users will need to reset their passwords.
    No...No...Meester vBulletin, he no work right.

    Comment


    • #3
      It isn't an ImpEx issue either. We use a different password hashing scheme that is incompatible. Fixing this is more than changing ImpEx it is changing how vBulletin stores and changes passwords. At this time, we do not plan to change this.

      Users will have to reset their passwords.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API

      Comment


      • #4
        I figured it out a very long time ago how to do it, that authentication is a process which results in true and false and that it's a MD5 and a salt makes it quite easy.

        Implementing "or figuring it out" it isn't the issue at all.

        As I've stated several times over the years, the primary role of ImpEx is to protect the vBulletin database (i.e. keep the data valid, and not modify it from a default install).

        To be able to import passwords that are not in plain MD5 or even plain text would require the database to be modified.

        Until there is provision in vBulletin for this ImpEx will not import 3rd party hashing (or other) techniques for password storage.

        http://www.vbulletin.com/docs/html/impex_passwords
        I wrote ImpEx.

        Blog | Me

        Comment


        • #5
          As far as I'm aware the reason it cannot be done is because vB hashes the password making it one way, IPB on the other hand only encrypt it (or used to). I'm not sure how they bypass it... my only guess would be that they do this:

          *Have user login.
          *IPB copies password, if vB accepts that the password is valid IPB adds it to their database.

          Whilst vB could do it, I'm not sure that's really a great deal. What's the issue with having people reset their passwords. It's a hassle but it's only once.
          - TomJames

          Comment


          • #6
            from the past cases and reading from post here

            resetting password could very possibly lose 50% of members' activity, which we could NOT afford..

            Comment


            • #7
              Originally posted by ikillbill View Post
              from the past cases and reading from post here

              resetting password could very possibly lose 50% of members' activity, which we could NOT afford..
              I have never heard any valid account of what % of an active user base that has been lost, as for inactive accounts that can be seen as pruning as they aren't active on the old board either.

              The only figures I've seen have been speculation or conjecture.

              And I've done literally thousands of imports.
              I wrote ImpEx.

              Blog | Me

              Comment


              • #8
                well, it is abit complicated,in short, most of our members come to our forum mostly for their first year of participation and then getting less and less year after, so ususally it is very hard to pull them back after 2nd year

                Therefore, we do use a lot of newsletters to bring them back frequently, but if they find password is not working, then they might just quit entirely

                well, we are really stucked with IPB, wish this could be resolved some day soon

                Comment


                • #9
                  Originally posted by ikillbill View Post
                  Therefore, we do use a lot of newsletters to bring them back frequently, but if they find password is not working, then they might just quit entirely
                  You can't really blame any of this on password reset. If the users don't want to reset their password, then your content isn't really worth anything to them. If you make your content of interest to them, then they will reset their password, as it's a very easy process. Password resets should not be a factor in your decision to switch board software as it will pretty much be like that with any other software.
                  No...No...Meester vBulletin, he no work right.

                  Comment


                  • #10
                    Basically, what you said is true, but if lets put market competition into considerations, I think it is not that simple, and we do have strong contents, but our site is like education site for certain period of your life only

                    Comment


                    • #11
                      Moving to a new forum system would warrant sending out an announcement anyway, puting one link in there to the email reset is no big issue.

                      I have to agree with jmurrayhead on this, password reset (i.e. clicking one link) is nothing compared to the content and attraction of the site.
                      I wrote ImpEx.

                      Blog | Me

                      Comment


                      • #12
                        Indeed, if it's a site the users are active at they'll update their passwords. Infact if you do the change well and list a load of 'awesome' new features some of your less active ones will probably also update their passwords just to have a look.

                        It's almost a second chance to win back a lot of your old, inactive members. You just have to make sure that you highlight your new features to draw them in.
                        - TomJames

                        Comment


                        • #13
                          You can organize some kind of event on your site with prize giveaways (like iPod, Wii, etc). People love freebies. Stick an invitation to your announcement. Make them sign in to participate. It might work.
                          Last edited by kyrgyz; Thu 15 Jan '09, 5:53pm.

                          Comment


                          • #14
                            Originally posted by kyrgyz View Post
                            You can organize some kind of event on your site with prize giveaways (like iPod, Wii, etc). People love freebies. Stick an invitation to your announcement. Make them sign in to participate. It might work.
                            This would probably work really well for getting members, to reset their passwords and become active after doing so.

                            Comment


                            • #15
                              ok, from another aspect, with "potential sales volumns you could get from IPB", won;t it be worthy to provide a offiial add-on on impex?

                              I did search here and found some people like me are not willing to ask members to reset password..etc

                              There will be quiet some IPB users who want to come to VBB as seamless as possible

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X