Anyone else using free forum software but seriously considering xenForo?

[yoghurtfarmer]

I'm using free software right now but I think xenForo is innovative enough that I'm thinking about making the switch, provided it'll priced competitively and if there's a good converter.

Anyone else (whether it's SMF, phpBB, myBB etc.. ) share the same sentiments?

 

[yoghurtfarmer]

SMF stores passwords as

$passwordhash = sha1(strtolower($user) . $password);

When the SMF passwords get imported into vB what happens to them? When I compare the passwords column in the source and target databases, they are different.
But there are mods like http://www.vbulletin.org/forum/showthread.php?t=97243&page=2 so maybe the passwords do get carried over?

My understanding before was that the SMF passwords get imported, but vB can't authenticate them... but xF could so in the end it wouldn't matter as long as I knew how SMF hashes its password.

Now I'm thinking that the SMF passwords don't get imported at all.

 

[yoghurtfarmer]

Okay so I took a closer look at what happens to the imported passwords. Pardon my lack of knowledge and any mistakes, I'm neither a programmer nor a cryptographer so I'm just picking this up as I go.

It seems to me this is what happens:

The original SMF password is hashed and stored in the database using sha1(strtolower($user) . $password);

Impex imports the hashed password and stores it as md5(md5(imported hashed password) . salt) where the salt is stored in the vB database

Authentication will fail because vB checks for md5(md5(password) . salt) but should work if it checked for md5(md5(sha1(strtolower($user) . $password)) . salt) <-- Not sure about this part

If so, couldn't xenForo be set to authenticate using that method?

Q: If I import from [insert forum solution name here], will my members need to reset their passwords?

A: No. XenForo is able to use multiple password and authentication schemes and these can be defined on a per-user basis. If you import from a system that uses md5(md5(password) . salt) as its password hashing scheme, XenForo will allow that user to authenticate using that scheme.

 

[Dean]

You are out of my league. All I know is that Impex which brings smf into vb causes password issues, and vb->ipb does not, as per what I have read.

I am simply repeating what I have read, and I personally know 1 person that had password issues going from smf -> vb4 when he converted his forum.

 

[jonsidneyb]

Bump for post price information!

I think right now I'm not even going to wait for a converter. Hopefully I can get my hand on Impex and go the SMF -> vB -> xF route.

I would be very careful. I moved from SMF to vB in February and the passwords not moving over was a major issue, far far bigger than I thought it would be.

I set up an email address just for password resets and I still every day am doing resets for people that have not logged on since the move. The passwords not moving over was major for me.

 

[CurveGotti]

I am almost certain all of the software that impex imports to vb has the same issue with passwords not being imported properly. I know we had this problem, but as an administrator Id rather have to manually change passwords than to try and manually import all the member, post, and threads.