Blog Documentation Book a Demo

phpBB hash method

mightyrocketmightyrocket New
in Vanilla 2.0 - 2.8

We just converted from phpBB3 to Vanilla and users are unable to login without resetting their passwords. I have triple-checked that the Member role has permission to log-in. The issue seems to be that Vanilla is not able to create the proper hash.

Our forum has been around for a long time and therefore passwords are stored in many different hashes. A quick look in the db shows passwords hashed using $H$, $2y$, and $2a$. Could the fact that there are multiple algorithms in use be the reason for the login failures?

Comments

  • LincLinc Admin

    @mightyrocket That sounds like a very likely culprit, yes. $2y$ and $2a$ are Blowfish (crypt) and $H$ is phpass (phpbb). Set the HashMethods for $2y$ and $2a$ passwords to 'crypt' and that may allow them to login. The $H$ passwords should already be working - they are what the 'phpbb' HashMethod expects.

  • mightyrocketmightyrocket New

    @Linc Thanks! I'll try setting the HashMethod for $2y$ and $2a$ to 'crypt'.

  • mightyrocketmightyrocket New

    Great news, @Linc ! Your recommendation appears to have worked. We've a few affected users now able to log int. Thanks for the help!

    In case anyone else needs it, here's the sql query to set HashMethod to 'crypt' for Blowfish passwords:

    UPDATE `GDN_User`
SET `HashMethod` = 'crypt'
WHERE 
    `Deleted` = 0
    AND `HashMethod` = 'phpbb'
    AND (LEFT(`Password`,4) = '$2a$' OR LEFT(`Password`,4) = '$2y$')
Sign In or Register to comment.