Password encyption

[funkissential]

Hi,

I am planning on munallly converting from my companys old forum - webwiz to yabbse now it all seems to look ok barr 1 probably i have encountered, i have de encrypted all the passwords from webwiz but dont know how to re encrypt them for yabbse can anyone help with this or is there a script to do it?

Any help much appreciated.

SJ

[Spaceman-Spiff]

what encryption method do you use for your old forum?

[funkissential]

The old forum did not encrypt the passwords only th access database they where held in.

[David]

You should be able to find how they are encrypted in register.php

[[Unknown]]

If you just md5 them, YaBB SE will upgrade the encryption next time they log in.

-[Unknown]

[funkissential]

Sorry to sound daft but how do i do that?>

[Daniel Hofverberg]

In PHP something like md5(password); (where password is the password in question). So if the password is hello, just use md5('hello');.

Similar functions should exist in most programming languages...

[funkissential]

How would you encrypt 1000 of them, any way of automastically7 doing it like phasing a text file so it encrypts each line then prints back out the file.

[Daniel Hofverberg]

Sure, that wouldn't be hard.

Try this PHP script - I just threw it together very quickly and have only tested it with a few passwords, but it should work:

Code Select Expand

<?php
$handle = fopen ("passwords.txt", "r");
$outputhandle = fopen("encryptedpasswords.txt", "a");
while (!feof ($handle)) {
    $buffer = fgets($handle, 4096);
    fwrite($outputhandle, md5($buffer) . "\n");
}
fclose ($handle);
fclose ($outputhandle);
?>
<h1>Done</h1>

Put all passwords in "passwords.txt" (one per line), upload passwords.txt along with this script (call it passwords.php or whatever) to any directory which is world writable (CHMOD 777) or upload an empty file called "encryptedpasswords.txt" and CHMOD it 777 (that way, the directory won't have to be writable). Execute the script in the browser, and when it's done, the file encryptedpasswords.txt will contain the MD5'd versions of the original passwords, one per line.

And of course, delete those files from the server when you're done!

As I said, not tested too thoroughly and I'm certainly no expert in PHP, but it should work - It worked for me with a few passwords anyway...

[funkissential]

Hi ya

Thanks ofr that code, unfortunately all the passwords are encrypted then they odne work  some of hte time!!! Some do and some dont, any ideas why this is hte case?

[funkissential]

Had a look, now sometimes the code you wrote above outputs the irght passwords which work, normally when htere is only 1 password in the text file. when there are lots the passwrds encrypt wrongly any idea why this is?

[Daniel Hofverberg]

Good question, I'm not sure... It might have to do with extra linefeeds or similar being added to the passwords.

Try adding this line before the line that starts with fwrite:

Code Select Expand

$buffer = rtrim($buffer,"\n\r");

I'm not sure if it will do any good, but it's worth a try. It can't do any harm anyway...  

[funkissential]

Been looking through the code - loginout.php and it mentions md5 and anotehr ofrm of encryption cryt, is it possible to have yabbse work in md5 mode if so how as this may help.

Also been trying verious line spaces uploading in binary asci and now its not working!!!

Getting desperate.

[funkissential]

Thankyou!!! Looks like its working!!! Fingers crossed!!!

[Daniel Hofverberg]

Didn't my extra line do any difference?