decoding vBulletin password

mee88

Hi Guys,

I am using vBulletin forums, and I want to let only the registered people in my forum to access some separate pages, I did every thing but could not decode the password of users that stored in my batabase (mysql), so can any one help PLZ.

e.g; when the user enter his user name and password, in a page; I connect to the vBulletin forum database and check for that data, but the password is not as the user enter; becase it is encoded in the database!!

thanx

NogDog

I don't know for sure, but most likely it is hashed either via the MySQL PASSWORD() function or one of the PHP hashing functions such as [man]md5/man. With a little trial and error you should be able to determine which. If it was done via MySQL, then your query would be something like:

$sql = "SELECT COUNT(*) FROM `users` WHERE `id`= '$login' AND `password` = PASSWORD('$password')";

If done via PHP hashing, then:

$hashed = md5($password);
$sql = "SELECT COUNT(*) FROM `users` WHERE `id`= '$login' AND `password` = '$hashed'";

bradgrafelman

NogDog wrote:
If done via PHP hashing, then:

Heh.. MD5 isn't native to PHP only...

$sql = "SELECT COUNT(*) FROM `users` WHERE `id`= '$login' AND `password` = MD5('$password')";

In fact, MySQL offers various encryption and compression functions.

Weedpacket

Why would you need the user's password in the first place?

If they're logged in as a registered user then presumably vBulletin is using some mechanism to identify which http requests are coming from registered users (the bb* cookies). Use that mechanism.

mee88

Thanx guys,
I tried the php md5 but it doesn't work!!

Nishaven

I ended up doing something like Weedpacket suggested, basically

chdir('/var/www/www.yourwebsite.com/community');
require_once('./global.php'); // this is vB's code
if ($bbuserinfo['email'])
{
// user is logged in
}
else
{
// tell them to log in
}