• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
  • This forum has been archived. New threads and replies may not be made. All add-ons/resources that are active should be migrated to the Resource Manager. See this thread for more information.

Getting SMF passwords to work after using vBulletin as an import intermediate


Well-known member
There's probably a simpler or better way, but for that you'll have to wait for somebody that can code. :)

If you are migrating from other software like phpBB or IPB, these steps can probably be modified to work as well, provided you know how passwords are authenticated.

Simple Machine Forum's password authentication is as follows: sha1(strtolower(username) . password) which basically uses the username as a salt.

Since Xenforo currently only comes with a vBulletin importer, it's going to assume that for imported users, the password will be in the form of md5(md5(password . salt).

To remedy this, we need to modify some xF files to accept SMF's authentication scheme. I'm not sure if we are technically allowed to edit these files, so if not please remove this post.

Before we do that, we have to make sure Impex preserves the original hash, but I don't think I should go into detail here since it's vBulletin/Jerry's code. Basically edit the Impex files so that after importing into vB, the original password hash is unaltered. Remember to expand the relevant mysql column to accept enough characters beforehand.

If you don't preserve the hash, Impex will spit out md5(md5(sha1(strtolower(username) . $password)) . salt) which won't work with this method but I suspect it would be relatively easy to come up with an alternative if you are familiar with PHP.

Preparing to Import into XF:
Go into /library/XenForo/Importer/vBulletin.php

Find line 680
'salt' => $user['salt']
and replace it with

'salt' => $user['username']
Getting the Passwords to Work Post XF Import:
Go into /library/XenForo/Authentication/vBulletin.php

Find line 19

return md5(md5($password) . $salt);
and replace it with

return sha1(strtolower($salt) . $password);


Well-known member
I just purchased XF and have also a SMF board. Thank you for the tutorial. Feedback it really quick here :)


Well-known member
I believe this is MyBB's password hash method: md5(md5($salt).md5($password))

I'm not sure how Impex treats MyBB passwords during import, but if you've edited Impex to preserve the original hash, it should be super easy to get MyBB passwords to work.

Tried looking for Invision Power Board's hashing method, but couldn't find one.