Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Password Issues with Upgrade

edited May 2009 in Vanilla 1.0 Help
Hi, I recently updated from 1.1.4 to 1.1.7. My site ( is rather unique in that it is a launching pad for a game that I've written, using a special URL format to launch the game on the player's computer.

I have an application that sits in the tray and gets citiesonline:// URLs from the browser. In order to play the game, the user must verify on their computer that they are the same person logged into the site by entering their password, which is used to decode the URL passed from the site. The problem is that prior to 1.1.5a the password in Vanilla used to be stored as an md5 hash of their plaintext password. In my game side client, I used the md5 hash of their password for decoding.

This no longer works in 1.1.7 because the password is no longer stored as an md5 hash in Vanilla. It's stored as some other hash, and consequently, my entire site is broken. No one can play the game until this is fixed because no one can validate their site login. Can someone please tell me what the new format is (or if there is any way to get to the old md5 hash from what it now is)? I can do whatever I need to on the client, it's just not in any way apparent from the code what it's doing now and what format the stored password hash is in.


  • Options
    Also, I'd be happy if there was a hack to store the passwords as md5s again, even if it's not as safe. That would at least give me time to get the client side upgraded without breaking everyone so that I could roll it out properly.
Sign In or Register to comment.