• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Migrating md5 passwords to xenForo

Hardcore

Active member
#1
Quick question: We'd like to move over an old custom user database that's using md5 over to xenForo. Any tips would be appreciated.

Cheers!
 

Brogan

XenForo moderator
Staff member
#2
Which software is it?

You will need an importer to correctly import all of the users, forums, threads, post, etc.
Currently there are only official importers for vB, IPB and phpBB so you will need to convert to one of those first.

Your other option is to have a custom importer developed.
 

Hardcore

Active member
#3
It's all custom code created by me ages ago. We're only interested in moving over our user database at this time; not forums/threads/posts, etc. We'll be starting all of that from scratch.

I'll be creating the custom script, so I just need to know if xenForo can deal with the old md5 generator passwords and if it'll convert them to its format upon login ... of if there's something else required to make this happen.

Thanks!

(PS - xenForo is damn impressive. We can't wait to unleash it on our community.)
 

guiltar

Well-known member
#4
You need to write importer for it.
vBulletin auth class has md5(md5(pass),salt) encoding and you may associate your md5 users with vB external auth after convertion of their hashes to md5(hash,salt).
Thats how I did it. And no need any extra authentications. Import and forgot.
PHP:
    protected function _importUser(array $user, array $options)
    {
        $salt = XenForo_Application::generateRandomString(30);
        $hash = md5($user['user_password'] . $salt);
 
        $import = array(
            'username' => $user['user_login'],
            'email' => $user['user_mail'],
            'user_group_id' => 2,
            'authentication' => array(
                'scheme_class' => 'XenForo_Authentication_vBulletin',
                'data' => array(
                    'hash' => $hash,
                    'salt' => $salt
                )
            ),
            'homepage' => $user['user_profile_site'],
            'register_date' => $user['user_date_register'],
        );
        ...
 

Hardcore

Active member
#5
Thanks. I'm new to this, so bare with me.
  1. Can you explain the "data" field in the xf_user_authenticate table? What's require for that?
  2. Will "scheme_class" update post import once the user signs in for the first time?
Much appreciated!
 

Hardcore

Active member
#6
Also ... I'd be willing to pay (even in beer) a developer to write a quick php script to convert our user table to XF. ;-)

It's a single table with no other dependencies.

Let me know. We're eager!
 

Jake Bunce

XenForo moderator
Staff member
#7
You need to write importer for it.
vBulletin auth class has md5(md5(pass),salt) encoding and you may associate your md5 users with vB external auth after convertion of their hashes to md5(hash,salt).
Thats how I did it. And no need any extra authentications. Import and forgot.
My thoughts exactly.

Thanks. I'm new to this, so bare with me.
  1. Can you explain the "data" field in the xf_user_authenticate table? What's require for that?
  2. Will "scheme_class" update post import once the user signs in for the first time?
Much appreciated!
That data field is where the password information is stored. It is serialized data. Here is an example of the serial string for a vB password:

Code:
a:2:{s:4:"hash";s:32:"643fa83c6a024553b927c7dfd69d682c";s:4:"salt";s:3:"KcB";}
The hash is md5(md5($password) . $salt). The salt is a 3 digit random string. So you need to generate a random salt for each user and then calculate the hash using that formula. Then serialize the information.

The scheme_class in your case would be XenForo_Authentication_vBulletin. It will change to the default hashing scheme (XenForo_Authentication_Core) the next time the user changes their password.
 
#9
Is the above explanation for an older version of the encoding? I need to do a similar thing, but my data field looks like:

a:3:{s:4:"hash";s:64:"a7cffe8fe9e9a68a6197f1d6e4e14e2c111da2d55f9cf8badafe1ba17ba3335d";s:4:"salt";s:64:"4a5104930061756165b6b2209469d0a470156117e43ca18995dc9f004d15469b";s:8:"hashFunc";s:6:"sha256";}
I have inherited a forum that gives me a (amongst other stuff) a list of user info with plain text password - bizarrely.

Does th info in my post above have 2 different encodings of the password?
 

Jake Bunce

XenForo moderator
Staff member
#10
Is the above explanation for an older version of the encoding? I need to do a similar thing, but my data field looks like:



I have inherited a forum that gives me a (amongst other stuff) a list of user info with plain text password - bizarrely.

Does th info in my post above have 2 different encodings of the password?
Yours is different. The data you posted looks like it is for XenForo_Authentication_Core. We were talking about XenForo_Authentication_vBulletin.

If you have plain text passwords then you can use any auth scheme. I recommend XenForo_Authentication_Core since it is more secure. You need to generate appropriate salts and hashes using the plain text passwords.
 

Digital Doctor

Well-known member
#14
Hi! Is it possible to get joomla passwords to work after a conversion?
Yes if vBulletin IMPEX has a Joomla importer that works.
I'm sure Jake could do it if you paypal'd him a nice christmas present.
Jake did my complex migration from an old school SQL forum where the vBulletin IMPEX wasn't working.
 

Digital Doctor

Well-known member
#16
I can get from joomla to xenforo via joomla-smf-vbulletin-xenforo. Impex doesn't work for joomla 2.5 just 1.5.
It might work. Hard to say.

What about IPB ? J! => IPB ?

Time is money.
I don't know Jake's going rates ( I paid good money because he's the best: @php @life ).
Get SchmitzIT to do it.
He'll figure a way. Great guy. Super fair prices.
 
#17
I spoke to SchmitzIT and he didn't think it was possible to get passwords to work.

I know, in the past, smf had a script which would allow joomla passwords to work, after a successful login smf would hash them in their own way and store them in the db. I'm wondering if something like this is possible to do in xenforo?
 

Jake Bunce

XenForo moderator
Staff member
#19
Joomla is a CMS. What exactly do you need imported? Articles? Users? Anything else?

What format does Joomla use for passwords? MD5? SHA1?