Store Community Support Documentation
Hello,

I am importing users from a third party's script. I am filling all necessary tables (activity, field, count, space) but I can't login. When I reset the password by using "forgot your password?" I can reset it and login then. Also when I copy the values from the field password and salt from an user that I did not import but created directly with PHPFox, I can login aswell. So I think the problem is concerning the password encryption. But I did the encryption excatly as suggested in the KB-article:

$user_password = $password_clear; //holds the unencrypted password
$sSalt = '';
for ($i = 0; $i < 3; $i++)
{
$sSalt .= chr(rand(33, 91));
}

$SALT = $sSalt;
$user_password_new = md5(md5($user_password . md5($SALT)));

When I check the database, I can see it's written in to the table. But the login doesn't work. Any idea?

Thank you.
Be the first person to like this.
JohnJr
#1
Ok, I thought you could not log on at all...sorry
Last update on March 4, 5:48 pm by JohnJr.
Be the first person to like this.
#2
I am not sure if I got your point, but that is what I just said. I can copy any other "regular" created account information to an imported user and can login then with an imported user. But I can't login with the users which I have imported, even I use the script from the KB article to encrypt the password and salt-field.
Be the first person to like this.
webwolf
#3
The actual hash formula from library file hash.class.php is:

PHP:
md5(md5($sPassword) . md5($sSalt)) 


The knowledge base article shows:

PHP:
md5(md5($PASSWORD md5($SALT))) 


Amazing what a difference a misplaced parenthesis makes.

One of the implications of this is that if you have an md5 encripted password from a previous site, you can still use it to build a phpfox password. If the knowledge base article were accurate, then this wouldn't be possible.
Be the first person to like this.
JohnJr
#4
WebWolf...you are a genius :)
Be the first person to like this.
#5
Thanks man, you really helped me out!
Be the first person to like this.