[dmm2020]

Hi, according to other threads the following SHOULD compute the password hash for vBulletin:

md5(md5($rawpassword).#seed) where seed is the user hash.

However, it's not working on my server. Passwords do work within vBulletin but not when I am trying to set up a script licensing site to use the same vBulletin logins. When I run the same formula drawing from the same exact database, I get a different result. Not going to post the hash here but they are completely different results. Does anyone have a clue why that would be happening?

[Zachery]

Its a salt, not a seed, but where are you getting the salt from?

Here is a query I use to reset passwords:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

[dmm2020]

Thanks. Salt is what I mean. Not sure why I said seed.

--------------- Added 30 Aug 2013 at 00:45 ---------------

Here is my problem. This is not a real salt but it shows the special characters I am running into. I changed the alphanumeric characters.

6K)Gf"[email protected]|{N_ 6K)Gf"[email protected]|{N_ 0 [49]

This is what I see in phpMyAdmin and when I print_r($res) of the particular record I testing with.

What I get with the below code:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

is this output: 6K)Gf"[email protected]|{N_

It seems almost like something changed in PHP because if something funky is in the hash character wise, the string is getting chopped. Is there a way around this?

--------------- Added 30 Aug 2013 at 00:56 ---------------

To explain what I am after, I want to set up a licensing site where the members login to the website using the same credentials as they use in the forum, but still a separate login, that is not sharing sessions. However, the above problem is stopping me and has me stumped as to what is causing PDO to chop part of it. Do I need to set a character set or something in the database?

[nhawk]

I don't know how you're getting special characters in salt. Salt is limited to ascii 33 to 126. None of those are control or special characters.

Now if you're getting special characters in your hash, that's a problem with your hash coding. Not with salt.

[dmm2020]

Originally Posted by nhawk

I don't know how you're getting special characters in salt. Salt is limited to ascii 33 to 126. None of those are control or special characters.

Now if you're getting special characters in your hash, that's a problem with your hash coding. Not with salt.

I changed the salt but the problem I run into now, is the md5 formula before yields a different value in MySQL as compared to PHP. I am grabing the salt from $res[0]['salt'] and password from $_POST['[pass']) and using md5(md5($rawpassword).$salt) but this yields a different result than the MySQL version done in VB. Basically, what I want to do is set up a subsidiary site to log in with vb credentials (not sharing session data though).

EDIT: I figured out the problem. When user salt contains nonconventional characters (see nhawk's post), MD5 produces different results between php and MySQL.

[nerbert]

Worth a try:

md5( ( md5( trim( $rawpassword ) ) . trim($salt) )