How can I generate the vBulletin password salt for the md5 hash when importing user data?
I am migrating users from my old database to vBulletin database.
I want the script to do this as it will take time otherwise.
I have all user passwords stored as md5 (password)
But of course this doesn't work with vBulletin due to salts etc.
So my code is like this:
<?Php
mydatabase_connect();
$select=mysql_query("SELECT * from `users`");
while($user=mysql_fetch_array($select)) {
forum_connect();
$check=mysql_query("SELECT * from `user` where `username` = '{$user[username]}'");
if(mysql_num_rows($check)>="1") {
echo "fail";
}else{
$insert=mysql_query("INSERT into `user` SET `username` = '{$user[username]}', `password` = '{$user[password]}', `email` = '{$user[email]}'");
if($insert) {
echo 'success';
}else{
echo 'fail';
}
}
mydatabase_connect();
}
?>
How can I change it to work with vBulletin, so I can set the vBulletin user. password
and the user vBulletin. salt
right. Whereas my $ user [password] or users
. password
stored as an md5 hash of their real text password.
Thank!
source to share
I don't know if this answer was too late, but you should be able to automatically pass your passwords to vBulletin.
vBulletin generates its hashes as follows:
$hash = md5(md5($plaintext) . $salt);
So, to transfer users, do something like this:
$salt = /* generate salt */;
$vb_hash = md5($your_old_hash . $salt);
To make yourself easier, use the vBulletin salt generation method. It is in the vB_DataManager_User class.
source to share
If your old system uses unsalted hashes and vBulletin uses salted hashes, then if you want users to keep their passwords, you will have to change vBulletin to use unsalted ones. I'm not familiar with the vBulletin code, but if each user has their own salt value, just set that to an empty string is sufficient.
Otherwise, write a page so the user can navigate to the new system. You can direct users to the page on failed login, as well as check your credentials against the old system and generate a new salt and hash for the new system.
source to share
I adapted the process I used to transfer user information from an existing database to the vbulletin database. It uses database queries entered through the MySQL command line client, no PHP processing required.
It works for the scenario described: passwords in an existing database were saved using md5(password)
.
Both databases are on the same server, vBulletin 4.x
Three stored functions will be created:
vbulletin.userTitle() // Convert user type from current db to a user title
vbulletin.groupId() // Convert current user type into permission group ID
vbulletin.randomSalt() // Create salt using same approach as used by vbulletin
Login through MySQL client: mysql --user=xxx -p vbulletin
Create stored functions:
delimiter //
CREATE FUNCTION vbulletin.userTitle(mtype VARCHAR(255))
RETURNS CHAR(250)
NO SQL
BEGIN
DECLARE userTypeTitle CHAR(250) DEFAULT "";
CASE mtype
WHEN 'user' THEN SET userTypeTitle = 'Member';
WHEN 'admin' THEN SET userTypeTitle = 'Administrator';
WHEN 'moderator' THEN SET userTypeTitle = 'Regional Moderator';
ELSE
SET userTypeTitle = 'Member';
END CASE;
RETURN userTypeTitle;
END//
CREATE FUNCTION vbulletin.groupId(mtype VARCHAR(255))
RETURNS smallint(5)
NO SQL
BEGIN
DECLARE groupTypeId smallint(5) DEFAULT 0;
CASE mtype
WHEN 'user' THEN SET groupTypeId = 2;
WHEN 'admin' THEN SET groupTypeId = 6;
WHEN 'moderator' THEN SET groupTypeId = 11;
ELSE
SET groupTypeId = 12;
END CASE;
RETURN groupTypeId;
END//
CREATE FUNCTION vbulletin.randomSalt()
RETURNS CHAR(30)
READS SQL DATA
BEGIN
DECLARE count INT DEFAULT 0;
DECLARE rn1 CHAR;
DECLARE saltout VARCHAR(30) DEFAULT "";
WHILE count<30 DO
SET count = count+1;
SET rn1 = CHAR(FLOOR(33 + (RAND() * 93)));
SELECT CONCAT(saltout, rn1) INTO saltout;
END WHILE;
RETURN saltout;
END//
delimiter ;
Backing up databases before transferring user information.
The vbulletin database has all of the information used in setup and testing, so there are three empty tables that we will be updating.
TRUNCATE `vbulletin`.`user`;
TRUNCATE `vbulletin`.`userfield`;
TRUNCATE `vbulletin`.`usertextfield`;
Modify the following queries to use the existing database and associated fields.
Fill in the main users table.
The salt is generated through a stored function for each row in an existing custom table.
A hashed password from an existing database is hashed with a salt when inserted into the vbulletin database like this:MD5(current_hashed_password + new_salt)
Basic query:
INSERT INTO `vbulletin`.`user` (
`userid`, `username`, `salt`, `password`, `email`, `passworddate`, `styleid`, `showvbcode`, `joindate`, `lastvisit`, `lastactivity`, `reputationlevelid`, `timezoneoffset`, `usergroupid`, `usertitle`
)
SELECT
`current_userid`, `current_username`, vbulletin.randomSalt() as new_salt, MD5(current_hashed_password + new_salt), `current_email`, CURDATE(), 5, 2, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), 5, 0, vbulletin.groupId(current_type), vbulletin.userTitle(current_type)
from `current_database`.`user`;
The following queries add default entries for each user.
If you've added any custom profile fields, you'll want to transfer this information to the user fields table:
INSERT INTO `vbulletin`.`userfield` (
`userid`, `field5`, `field6`
)
SELECT
`current_userid`, `firstname`, `lastname`
from `current_database`.`user`;
INSERT INTO `vbulletin`.`usertextfield` (
`userid`
)
SELECT `current_userid`
from `current_database`.`user`;
Set the reputation level for users of the admin group:
UPDATE `vbulletin`.`user` SET `reputationlevelid` = 1 WHERE `usergroupid` = 6;
Remove the saved functions, they will no longer be used:
DROP FUNCTION vbulletin.userTitle;
DROP FUNCTION vbulletin.groupId;
DROP FUNCTION vbulletin.randomSalt;
source to share