How to remove password encrpytion

by Hug - 26-01-2015, 06:31 AM
Closed Account
Posts:
2,764
Joined:
Jan 2015
Likes:
142
Credits:
1,946
Reputation:
26
3 Years of Service
#1
OP
Posted: 26-01-2015, 06:31 AM
Here is a quick guide on how to remove the encryption method in MyBB.

Note: This is no recommended as it could be a security flaw having your passwords in plain text.
Education purposes only, or if you want to upgrade or change the encryption method.

Files used for encrpytion:
- inc/functions_user.php
- inc/datahandlers/user.php

What encrpytion method does MyBB use?:
MyBB's current encryption method as it currently stands is: md5(md5($salt).$password).

How to remove encryption:
1.Open inc/functions_user.php;
2.Find "return md5(md5($salt).$password);" (Line: 200);
3.Replace with "return $password;"
4.Find "if(salt_password(md5($password), $user['salt']) == $user['password'])" (Line: 135);
5.Replace with "if(salt_password($password, $user['salt']) == $user['password'])";
6.Save file, open "inc/datahandlers/user.php";
7.Find "$user['md5password'] = md5($user['password']);" (Line: 199);
8.Replace with "$user['md5password'] = $user['password'];";
JMPRockFm
13-06-2015, 01:50 PM
Newbie
Posts:
13
Joined:
Jan 2015
Likes:
0
Credits:
15
Reputation:
0
3 Years of Service
#2
Posted: 26-01-2015, 07:59 AM
Sweet man!, I can vouch for this!, I wouldn't recommend using it tho
Closed Account
Posts:
1,382
Joined:
Jan 2015
Likes:
125
Credits:
1,388
Reputation:
30
3 Years of Service
#3
Posted: 26-01-2015, 11:56 AM
Not going to register on a MyBB forum ever again...

Hell, my security >.<
oldfag
Administrators
Posts:
6,257
Joined:
Jan 2015
Likes:
1,767
Credits:
5,082
Reputation:
275
3 Years of Service
#4
Posted: 26-01-2015, 12:05 PM
(26-01-2015, 11:56 AM)AndresXZ09 Wrote: Not going to register on a MyBB forum ever again...

Hell, my security >.<

It's encrypted here, don't worry. Tongue
Send me a message for help. (Read the help docs first)
Steam Wishlist - Anime Watchlist
Closed Account
Posts:
2,764
Joined:
Jan 2015
Likes:
142
Credits:
1,946
Reputation:
26
3 Years of Service
#5
OP
Posted: 26-01-2015, 01:43 PM
(26-01-2015, 12:05 PM)linkz Wrote:
(26-01-2015, 11:56 AM)AndresXZ09 Wrote: Not going to register on a MyBB forum ever again...

Hell, my security >.<

It's encrypted here, don't worry.  Tongue

default encryption or modified?
We are!
Posts:
1,044
Joined:
Jan 2015
Likes:
108
Credits:
1,962
Reputation:
25
3 Years of Service
#6
Posted: 26-01-2015, 06:49 PM
Hack into a forum, and do this.
GG.
Smile
Closed Account
Posts:
2,764
Joined:
Jan 2015
Likes:
142
Credits:
1,946
Reputation:
26
3 Years of Service
#7
OP
Posted: 26-01-2015, 11:53 PM
(26-01-2015, 06:49 PM)Kewl Wrote: Hack into a forum, and do this.
GG.
Smile

:yus: Exactly.
ᶠᵃᵈʸ'ˢ ʷᵃᶦᶠᵘ
Posts:
543
Joined:
Jan 2015
Likes:
68
Credits:
1,151
Reputation:
39
3 Years of Service
#8
Posted: 27-01-2015, 01:34 AM
(26-01-2015, 06:49 PM)Kewl Wrote: Hack into a forum, and do this.
GG.
Smile

Pretty sure they'd notice when every password on the site stopped working. :fp:
Faded is cute Heart
Closed Account
Posts:
2,764
Joined:
Jan 2015
Likes:
142
Credits:
1,946
Reputation:
26
3 Years of Service
#9
OP
Posted: 27-01-2015, 01:37 AM
(27-01-2015, 01:34 AM)Unsuspicious Wrote:
(26-01-2015, 06:49 PM)Kewl Wrote: Hack into a forum, and do this.
GG.
Smile

Pretty sure they'd notice when every password on the site stopped working.  :fp:

:noh: damn I thought some niqqa would fall for that
Member
Posts:
166
Joined:
Jan 2015
Likes:
9
Credits:
128
Reputation:
5
3 Years of Service
#10
Posted: 27-01-2015, 01:42 AM
Peeps can still use the password found via the change, right? Also you can force all users to change passwords via acp if I'm not mistaken.
Impress the best, stand out from the rest.
The last reply on this thread is older than a month. Please do not unnecessarily bump it.
Register an account or login to reply
Create an account
Create a free account today and start posting right away. It only takes a few seconds.
Login
Log into an existing account.
1 Guest(s)