NO encryption in users passwords.

reacen · 2010-03-07 05:34

reacen
Member
Offline

Registered: 2010-01-15
Posts: 11

Topic: NO encryption in users passwords.

Hi all,

I don't want any encryption in the password of any user in the MySQL database.

// In MySQL:

password = the real password;
salt = nothing;

// In fact, I wanna remove "salt".

What files should I edit to change this? (When the user create an account, it will create it in database without encryption, and when user login, it should open his account without problems).

Is that hard, possible? Can someone help me please?

I want this, because I try to link my litle game (MMORPG) with the Forum, but the encryption is causing me problems. I don't want it, its slow and useless in my opinion. (Nobody gonna hack my server anyway )

Please help, and Thanks.

Parpalak · 2010-03-09 11:04

Parpalak
PunBB Developer
Offline

From: Russia
Registered: 2008-07-22
Posts: 713

Re: NO encryption in users passwords.

reacen wrote:

its slow

A hash of a short string like a password can be calculated very fast.

PunBB team intentions, personal tasks.

Parpalak · 2010-03-09 11:09

Parpalak
PunBB Developer
Offline

From: Russia
Registered: 2008-07-22
Posts: 713

Re: NO encryption in users passwords.

And if you really want to disable password hashing try to edit the forum_hash() function. Seems like it should be just

return $str;

PunBB team intentions, personal tasks.

reacen · 2010-03-09 12:12

reacen
Member
Offline

Registered: 2010-01-15
Posts: 11

Re: NO encryption in users passwords.

Its working great when the user registre, thanks! ("Salt" is not empty, but never minde...)
The only problem now is, when you try to login: "Incorrect username and/or password."

What to do for this login issue?

Parpalak · 2010-03-09 12:35

Parpalak
PunBB Developer
Offline

From: Russia
Registered: 2008-07-22
Posts: 713

Re: NO encryption in users passwords.

Try to replace the following line (login.php, line 54)

$sha1_in_db = (strlen($db_password_hash) == 40) ? true : false;

to

$sha1_in_db = true;

PunBB team intentions, personal tasks.

reacen · 2010-03-09 12:48

reacen
Member
Offline

Registered: 2010-01-15
Posts: 11

Re: NO encryption in users passwords.

Its working great !
Now, I just hope these few changes will not cause future problems with the forum.

Thank you so much Parpalak.

Parpalak · 2010-03-09 13:02

Parpalak
PunBB Developer
Offline

From: Russia
Registered: 2008-07-22
Posts: 713

Re: NO encryption in users passwords.

You're welcome.

Do not forget to make these changes again when the new version of PunBB is released and you update it.

PunBB team intentions, personal tasks.

NO encryption in users passwords.

Posts: 7

1 Topic by reacen 2010-03-07 05:34

Topic: NO encryption in users passwords.

2 Reply by Parpalak 2010-03-09 11:04

Re: NO encryption in users passwords.

3 Reply by Parpalak 2010-03-09 11:09

Re: NO encryption in users passwords.

4 Reply by reacen 2010-03-09 12:12

Re: NO encryption in users passwords.

5 Reply by Parpalak 2010-03-09 12:35

Re: NO encryption in users passwords.

6 Reply by reacen 2010-03-09 12:48

Re: NO encryption in users passwords.

7 Reply by Parpalak 2010-03-09 13:02

Re: NO encryption in users passwords.

Posts: 7