sql passwords - UK Web Hosting | Dedicated Server Windows and Linux VPS Forum

**cache** · #1 (**permalink**) 06-06-2007, 10:18

hi,

i dont know much about mysql but i can just get around phpmyadmin . i am trying to tackle a small problem i have. i created a forum for a club i run and when a user joins the password they enter gets encrypted as usual . the is another section on the website that has a secure directory. if i want to add a user from the forum to that directory i thought i could get there password they originally put into the forum database and manually put it into the secure directory so they would have the same user name for both if they were able to avail of both.

at the moment i cant get the password decrypted and people have to use two logins one for the board and one for the secure directory.

any ideas how i could get around this ?

thanks

**247h** · #2 (**permalink**) 06-06-2007, 20:18

You don't seem to be attracting any answers — my thoughts on this are that I don't understand enough of the detail of what you're using and the purpose of what you're trying to do? I presume this folder you're allowing them access to is a regular folder off of the domain root?

If so, even if you could extract an encrypted password from the forum database, how would this benefit either you or the user when it seems that (according to the tests I conducted) it will be encrypted differently in /.htpasswds/foldername (where passwords are stored for protected folders)?

I guess you mean that to login to the forum, or login to the folder, they use exactly the same username and password, but you're unable to create the folder permissions without them revealing their passwords to you? Or have I misunderstood you?

**steppen** · #3 (**permalink**) 07-06-2007, 06:16

What platform are you at (Linux/Windows/other), and what forum software are you running (vBulletin/SMF/phpBB*/*nuke*/other)?

**cache** · #4 (**permalink**) 07-06-2007, 09:22

its hosted hon euk with linux and i have phpbb3

**WelshTom** · #5 (**permalink**) 07-06-2007, 11:15

All passwords in a phpBB3 database are encrypted using an MD5 hash.

It's virtually impossible to decrypt MD5 hashes, but you should be able to find out their passwords before it is encrypted into MD5 format.

You could fiddle with the registration and login files on phpBB3 for this.

Anyway, you shouldn't be using phpBB3 on a live environment since its only a release candidate, and has unfixed errors.

**eUKhost.com** · #6 (**permalink**) 07-06-2007, 11:58

There's no need to decrypt those passwords.

simply share that database with another php script on which people will login first and once they get redirected on the forum then the forum will authenticate referral from successful login page only. one of our developers had implemented this functionality so I am quite sure that you can make it work.

**DPS Computing** · #7 (**permalink**) 07-06-2007, 13:40

Quote:

Originally Posted by eukhost.com

There's no need to decrypt those passwords.

simply share that database with another php script on which people will login first and once they get redirected on the forum then the forum will authenticate referral from successful login page only. one of our developers had implemented this functionality so I am quite sure that you can make it work.

I was trying to think to answers for this question all yesterday and was looking for a complex one - sometimes the simpliest answers are the best and it has shown in this case.

Why did I not think about sharing the database!