I have searched all over the net, and here at PHPbuilders, and I am sorry to say that I couldn't find an accurate way of logging into Vbulletin with Curl. I have managed to login to PHPbb quite easily, and I have managed to login to boards like SMF and IPB. However, Vbulletin is posing quite a problem and I was wanting to know if any of you had found a method using Curl that would allow me to login to a vbulletin account with a supplied user name and password?

    If I remember correctly, vb uses a javascript trick when you login. You enter your username/password, click login, javascript encrypts the password, and only then is the user/pass sent to vb for login. Do a view source on the login page and you will see "A JavaScript implementation of the RSA Data Security" (or maybe it's in an included .js file). I think it might just be using MD5.

    So all you have to do is MD5 the right strings before you pass them in with curl.

    I'm not sure how this trick adds any security for them since a hacker is just as happy to login with the encrypted u/p as with the actual u/p but I haven't looked at their code for more than a few minutes.

      etully wrote:

      If I remember correctly, vb uses a javascript trick when you login.
      You enter your username/password, click login, javascript encrypts the password, and only then is the user/pass sent to vb for login.

      Do a view source on the login page and you will see "A JavaScript implementation of the RSA Data Security"

      This is what etully refers to.

      The javascript file is called vbulletin_md5.js
      And here is where it is called 'onsubmit'

      <form action="../login.php" method="post" name="loginform"
 onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

function md5hash(input, output_html, output_utf, skip_empty)
{
        13 days later

        I have the same problem
        I used liveHTTPHeaders to get copy of the md5 password and passed it to curl as part of the post data but yet I sitll couldnt log into the vbulletin forum.

        i.e. vb_login_username=fooname&vb_login_password=foopass&s=&do=login&vb_login_md5password=xxxxx&vb_login_md5password_utf=xxxxx
        and still couldn't login

        halojoy wrote:

        This is what etully refers to.

        The javascript file is called vbulletin_md5.js
        And here is where it is called 'onsubmit'

        <form action="../login.php" method="post" name="loginform"
 onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

function md5hash(input, output_html, output_utf, skip_empty)
{
          Write a Reply...