anyone know how to get the unencrypted passwords out of the phpbb mysql db?

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

anyone know how to get the unencrypted passwords out of the phpbb mysql db?

Tami Williams-3
I need to build a routine to grab the unencrypted passwords out of  
the phpbb MySQL db and put them into matching records in FileMaker...
anyone know how to do this?

Thank in advance.


P.S. yes, I know encrypted passwords are more secure.


Thanks.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It's better to burn out than to fade away."

Tami Williams
Creative Computing
Improve, manage and unify data with custom database and web  
applications.
FileMaker and Lasso specialist.

Tel: 770.457.3221
Fax: 770.454.7419
E-Mail: [hidden email]
Web: http://www.asktami.com

FileMaker Solutions Alliance Associate | Lasso Professional Alliance  
Member


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: anyone know how to get the unencrypted passwords out of the phpbb mysql db?

Johan Solve
They are hopefully one way encrypted so no can do in that case.

You can use Smartpill to implement the same encryption when storing
the password in FM, but you'd have to find out how they are encrypten
in phpbb.

On Thu, Oct 1, 2009 at 11:11 PM, Tami Williams <[hidden email]> wrote:

> I need to build a routine to grab the unencrypted passwords out of the phpbb
> MySQL db and put them into matching records in FileMaker...
> anyone know how to do this?
>
> Thank in advance.
>
>
> P.S. yes, I know encrypted passwords are more secure.
>
>
> Thanks.
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "It's better to burn out than to fade away."
>
> Tami Williams
> Creative Computing
> Improve, manage and unify data with custom database and web applications.
> FileMaker and Lasso specialist.
>
> Tel: 770.457.3221
> Fax: 770.454.7419
> E-Mail: [hidden email]
> Web: http://www.asktami.com
>
> FileMaker Solutions Alliance Associate | Lasso Professional Alliance Member
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>
>



--
Mvh
Johan Sölve
____________________________________
Montania System AB
Halmstad   Stockholm   Malmö
http://www.montania.se

Johan Sölve
Mobil +46 709-51 55 70
[hidden email]

Kristinebergsvägen 17, S-302 41 Halmstad, Sweden
Telefon +46 35-136800 |  Fax +46 35-136801

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: anyone know how to get the unencrypted passwords out of the phpbb mysql db?

jasonhuck
In reply to this post by Tami Williams-3
I haven't checked, but I wouldn't be surprised if phpBB uses MD5
encryption to store password checksums, in which case, you're not
going to decrypt them (it's one-way).

- jason



On Thu, Oct 1, 2009 at 5:11 PM, Tami Williams <[hidden email]> wrote:

> I need to build a routine to grab the unencrypted passwords out of the phpbb
> MySQL db and put them into matching records in FileMaker...
> anyone know how to do this?
>
> Thank in advance.
>
>
> P.S. yes, I know encrypted passwords are more secure.
>
>
> Thanks.
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "It's better to burn out than to fade away."
>
> Tami Williams
> Creative Computing
> Improve, manage and unify data with custom database and web applications.
> FileMaker and Lasso specialist.
>
> Tel: 770.457.3221
> Fax: 770.454.7419
> E-Mail: [hidden email]
> Web: http://www.asktami.com
>
> FileMaker Solutions Alliance Associate | Lasso Professional Alliance Member
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>
>



--
tagSwap.net :: Open Source Lasso Code
<http://tagSwap.net/>

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: anyone know how to get the unencrypted passwords out of the phpbb mysql db?

Tami Williams-3
I'm thinking that really what I need is a php solution that copies  
the hashed encrypted password from phpBB into the FileMaker db,  
'cause I need to have a way to have them login to the FM + Lasso  
system and then grab that phpBB password so that they can (if they  
want to) jump from the Lasso system into phpBB without re-logging in.

Or I might just talk to my client about using FileMaker's ESS + a  
script to copy over the hashed encrypted phpBB password.


Anyone worked with phpBB +FileMaker?



On Oct 1, 2009, at 5:30 PM, Jason Huck wrote:

> I haven't checked, but I wouldn't be surprised if phpBB uses MD5
> encryption to store password checksums, in which case, you're not
> going to decrypt them (it's one-way).
>
> - jason
>
>
>
> On Thu, Oct 1, 2009 at 5:11 PM, Tami Williams <[hidden email]>  
> wrote:
>> I need to build a routine to grab the unencrypted passwords out of  
>> the phpbb
>> MySQL db and put them into matching records in FileMaker...
>> anyone know how to do this?
>>
>> Thank in advance.
>>
>>
>> P.S. yes, I know encrypted passwords are more secure.
>>
>>
>> Thanks.
>>
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> "It's better to burn out than to fade away."
>>
>> Tami Williams
>> Creative Computing
>> Improve, manage and unify data with custom database and web  
>> applications.
>> FileMaker and Lasso specialist.
>>
>> Tel: 770.457.3221
>> Fax: 770.454.7419
>> E-Mail: [hidden email]
>> Web: http://www.asktami.com
>>
>> FileMaker Solutions Alliance Associate | Lasso Professional  
>> Alliance Member
>>
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>>
>
>
>
> --
> tagSwap.net :: Open Source Lasso Code
> <http://tagSwap.net/>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: anyone know how to get the unencrypted passwords out of the phpbb mysql db?

Jonathan Vanherpe (T & T NV)
If you use the same algorithm to check the password, you can just use
the hashed passwords. It's probably just something like
encrypt_md5(action_param('password'));
maybe there's a ->tolowercase in there too, and maybe they use a salt
(so it would make it: encrypt_md5(action_param('password')+$salt) ). You
should be able to find the php code responsible in phpbb and just port
it to Lassoscript.

Jonathan

Tami Williams wrote:

> I'm thinking that really what I need is a php solution that copies the
> hashed encrypted password from phpBB into the FileMaker db, 'cause I
> need to have a way to have them login to the FM + Lasso system and then
> grab that phpBB password so that they can (if they want to) jump from
> the Lasso system into phpBB without re-logging in.
>
> Or I might just talk to my client about using FileMaker's ESS + a script
> to copy over the hashed encrypted phpBB password.
>
>
> Anyone worked with phpBB +FileMaker?
>
>
>
> On Oct 1, 2009, at 5:30 PM, Jason Huck wrote:
>
>> I haven't checked, but I wouldn't be surprised if phpBB uses MD5
>> encryption to store password checksums, in which case, you're not
>> going to decrypt them (it's one-way).
>>
>> - jason
>>
>>
>>
>> On Thu, Oct 1, 2009 at 5:11 PM, Tami Williams <[hidden email]> wrote:
>>> I need to build a routine to grab the unencrypted passwords out of
>>> the phpbb
>>> MySQL db and put them into matching records in FileMaker...
>>> anyone know how to do this?
>>>
>>> Thank in advance.
>>>
>>>
>>> P.S. yes, I know encrypted passwords are more secure.
>>>
>>>
>>> Thanks.
>>>
>>>
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> "It's better to burn out than to fade away."
>>>
>>> Tami Williams
>>> Creative Computing
>>> Improve, manage and unify data with custom database and web
>>> applications.
>>> FileMaker and Lasso specialist.
>>>
>>> Tel: 770.457.3221
>>> Fax: 770.454.7419
>>> E-Mail: [hidden email]
>>> Web: http://www.asktami.com
>>>
>>> FileMaker Solutions Alliance Associate | Lasso Professional Alliance
>>> Member
>>>
>>>
>>> --
>>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>>
>>>
>>>
>>
>>
>>
>> --
>> tagSwap.net :: Open Source Lasso Code
>> <http://tagSwap.net/>
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>
>


--
Jonathan Vanherpe - Tallieu & Tallieu NV - [hidden email]

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: anyone know how to get the unencrypted passwords out of the phpbb mysql db?

Johan Solve
On Fri, Oct 2, 2009 at 9:13 AM, Jonathan Vanherpe (T & T NV)
<[hidden email]> wrote:
> If you use the same algorithm to check the password, you can just use the
> hashed passwords. It's probably just something like
> encrypt_md5(action_param('password'));
> maybe there's a ->tolowercase in there too

Curious why you think that? Passwords should be case sensitive so
lowercasing it would be a bad idea.

--
Mvh
Johan Sölve
____________________________________
Montania System AB
Halmstad   Stockholm   Malmö
http://www.montania.se

Johan Sölve
Mobil +46 709-51 55 70
[hidden email]

Kristinebergsvägen 17, S-302 41 Halmstad, Sweden
Telefon +46 35-136800 |  Fax +46 35-136801

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: anyone know how to get the unencrypted passwords out of the phpbb mysql db?

stevepiercy
In reply to this post by Tami Williams-3
I do both, but not together.  In a legacy system, we use phpBB2
(v3 is the current).  In the file admin_users.php, there is this snippet:

     $password = md5($password);
     $passwd_sql = "user_password = '$password', ";

which constructs an SQL statement that stores the user password
encrypted by MD5.

I'm not sure what the ultimate goal is.  Are you trying to
replicate an existing table, or continually update and access
the table, or both?

For ongoing updates, you could use a PHP function to include a
Lasso URL with parameters which stores the same password however
you like.

--steve


On 10/2/09 at 2:00 AM, [hidden email] (Tami Williams) pronounced:

>I'm thinking that really what I need is a php solution that
>copies the hashed encrypted password from phpBB into the
>FileMaker db, 'cause I need to have a way to have them login to
>the FM + Lasso system and then grab that phpBB password so that
>they can (if they want to) jump from the Lasso system into
>phpBB without re-logging in.
>
>Or I might just talk to my client about using FileMaker's ESS +
>a script to copy over the hashed encrypted phpBB password.
>
>
>Anyone worked with phpBB +FileMaker?
>
>
>
>On Oct 1, 2009, at 5:30 PM, Jason Huck wrote:
>
>>I haven't checked, but I wouldn't be surprised if phpBB uses MD5
>>encryption to store password checksums, in which case, you're not
>>going to decrypt them (it's one-way).
>>
>>- jason
>>
>>
>>
>>On Thu, Oct 1, 2009 at 5:11 PM, Tami Williams
>><[hidden email]> wrote:
>>>I need to build a routine to grab the unencrypted passwords
>>>out of the phpbb
>>>MySQL db and put them into matching records in FileMaker...
>>>anyone know how to do this?
>>>
>>>Thank in advance.
>>>
>>>
>>>P.S. yes, I know encrypted passwords are more secure.
>>>
>>>
>>>Thanks.
>>>
>>>
>>>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>"It's better to burn out than to fade away."
>>>
>>>Tami Williams
>>>Creative Computing
>>>Improve, manage and unify data with custom database and web applications.
>>>FileMaker and Lasso specialist.
>>>
>>>Tel: 770.457.3221
>>>Fax: 770.454.7419
>>>E-Mail: [hidden email]
>>>Web: http://www.asktami.com
>>>
>>>FileMaker Solutions Alliance Associate | Lasso Professional
>>>Alliance Member
>>>
>>>
>>>--
>>>This list is a free service of LassoSoft: http://www.LassoSoft.com/
>>>Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>>>Manage your subscription: http://www.ListSearch.com/Lasso/
>>>
>>>
>>>
>>
>>
>>
>>--
>>tagSwap.net :: Open Source Lasso Code
>><http://tagSwap.net/>
>>
>>--
>>This list is a free service of LassoSoft: http://www.LassoSoft.com/
>>Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>>Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
>
>--
>This list is a free service of LassoSoft: http://www.LassoSoft.com/
>Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
Steve Piercy               Web Site Builder              
Soquel, CA
<[hidden email]>                  <http://www.StevePiercy.com/>


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: anyone know how to get the unencrypted passwords out of the phpbb mysql db?

Jonathan Vanherpe (T & T NV)
In reply to this post by Johan Solve
Johan Solve wrote:

> On Fri, Oct 2, 2009 at 9:13 AM, Jonathan Vanherpe (T&  T NV)
> <[hidden email]>  wrote:
>> If you use the same algorithm to check the password, you can just use the
>> hashed passwords. It's probably just something like
>> encrypt_md5(action_param('password'));
>> maybe there's a ->tolowercase in there too
>
> Curious why you think that? Passwords should be case sensitive so
> lowercasing it would be a bad idea.
>

I'm assuming at least some password systems just don't do case sensitive
passwords, maybe phpbb is one of them, i don't know. It's something to
look for in the phpbb code.

Jonathan

--
Jonathan Vanherpe - Tallieu & Tallieu NV - [hidden email]

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: anyone know how to get the unencrypted passwords out of the phpbb mysql db?

Johan Solve
On Fri, Oct 2, 2009 at 11:01 AM, Jonathan Vanherpe (T & T NV)
<[hidden email]> wrote:
> Johan Solve wrote:
>> Curious why you think that? Passwords should be case sensitive so
>> lowercasing it would be a bad idea.
>>
>
> I'm assuming at least some password systems just don't do case sensitive
> passwords, maybe phpbb is one of them, i don't know. It's something to look
> for in the phpbb code.

Fine. Just making sure it wasn't arecommendation :)


--
Mvh
Johan Sölve
____________________________________
Montania System AB
Halmstad   Stockholm   Malmö
http://www.montania.se

Johan Sölve
Mobil +46 709-51 55 70
[hidden email]

Kristinebergsvägen 17, S-302 41 Halmstad, Sweden
Telefon +46 35-136800 |  Fax +46 35-136801

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/