Hi, This is for phpbb3. I need to create a seperate login system for it, and the password string stored in database is encrypted in some weird way. Not MD5 Could someone please find some function/query/decoder to decode this string: $H$9x0FD9uiOMX2tFveULOGxsQg4COL1I1 It should return "ssssss". I have been looking for 1 full day to find some code in phpbb3 to decrypt it, but still no success... Any help will be most appreciated Thank you
you dont need to find the way to DEcode it... you need to find the routine in phpbb3 which ENcodes it to that string. this is sure a one-way encryption similar to md5 or sha1. dont know about phpbb3, it sure uses salt somewhere... i could investigate this issue for you, but you gotta hire me. no time for extended welfare PM me.
i agree with the post above, i have done something similar to this, the password is double hashed using a salt, and the hash used is md5
i know nothing much about phpbb. but i found this in functions.php. This is the phpbb_hash function. Does it help? function phpbb_hash($password) { $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; $random_state = unique_id(); $random = ''; $count = 6; if (($fh = @fopen('/dev/urandom', 'rb'))) { $random = fread($fh, $count); fclose($fh); } if (strlen($random) < $count) { $random = ''; for ($i = 0; $i < $count; $i += 16) { $random_state = md5(unique_id() . $random_state); $random .= pack('H*', md5($random_state)); } $random = substr($random, 0, $count); } $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64); if (strlen($hash) == 34) { return $hash; } return md5($password); } PHP:
Since you're working with login integration. I'd suggest using this class: http://www.phpclasses.org/browse/package/4826.html Has all the necessary functions to deal with phpbb3
Doesn't PHPBB3 have an API? If so, I think your best bet is to perform what you need via that API. If there is indeed an API, you can unify login between this and any other app you have running.