Post: How to change vBulletin's passwords algorithm
03-09-2013, 08:52 PM #1
IVI40A3Fusionz
Former Gaming Squad Member

So a lot of people may be wondering how to change how their vBulletin forum hashes their passwords ready to be stored in the database, and in this tutorial I'm going to show you how :). Overall you only need to edit 2 PHP files and 5 lines of code (4 if you want to miss out the salt step). Although this will not make your forum unhackable, it may increase your security just a tiny bit. You may also want to consider using a strong password from [link hidden] or another website.


Step 1: Opening the correct files.

So firstly you will want to open up the files class_dm_user.php and functions_login.php; both of these can be found in your includes directory.


Step 2: Editing the class_dm_user.php. Password.

So this file contains all the information for generating the salt, hashing the password etc. To change how the password is hashed we are going to go to line 900 or find,
    return md5($password . $salt);


We are then going to replace this with anything we like that works. In my example I'm just going to add an extra md5() and a sha1(), so I am going to replace this line with,

    return sha1(md5(md5($password) . $salt));



Step 3: Editing the class_dm_user.php. Salt.

Now this step isn't necessary; however, it may be useful if you do this, so you are going to want to go to line 919 or find,
    return $salt;


And in this example I am going to md5() hash the salt, so I am going to replace this line with,
    return md5($salt);



Step 4: Editing the functions_login.php.

So this file basically does what it says: it contains all the information and coding for logging into your account by checking the user's inputted password, and because we just changed our algorithm we need to edit this so that users can log in without any problems. To do this we are going to go to line 170 or search for,
    $vbulletin->userinfo['password'] != iif($password AND !$md5password, md5(md5($password) . $vbulletin->userinfo['salt']), '') AND


We are now going to replace these 3 lines of code,
    $vbulletin->userinfo['password'] != iif($password AND !$md5password, md5(md5($password) . $vbulletin->userinfo['salt']), '') AND
    $vbulletin->userinfo['password'] != iif($md5password, md5($md5password . $vbulletin->userinfo['salt']), '') AND
    $vbulletin->userinfo['password'] != iif($md5password_utf, md5($md5password_utf . $vbulletin->userinfo['salt']), '')

With this coding,
    $vbulletin->userinfo['password'] != iif($password AND !$md5password, $hashedpass, '') AND
    $vbulletin->userinfo['password'] != iif($md5password, $hashedpass2, '') AND
    $vbulletin->userinfo['password'] != iif($md5password_utf, $hashedpass3, '')


We now want to set the variables, $hashedpass, $hashedpass2, $hashedpass3, so above the if statement (approximately line 169) we are going to place these,
    $hashedpass = sha1(md5(md5(md5($password)) . $vbulletin->userinfo['salt']));
    $hashedpass2 = sha1(md5(md5($md5password) . $vbulletin->userinfo['salt']));
    $hashedpass3 = sha1(md5(md5($md5password_utf) . $vbulletin->userinfo['salt']));


As you can see, the new algorithm for logging in is the same as the algorithm used when registering, changing password etc. NOTE that if you did not hash the salt you will not want to hash the salt for logging in ;).


NOTE: If your hash is not an MD5 hash at the end you will need to edit the user table and edit the length of the password field (40 for sha1) through your phpMyAdmin.

The following user thanked IVI40A3Fusionz for this useful post:

Jared
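
The consistency the tutorial above depends on, checked end to end. This is an added example, not part of the original post and not vBulletin's code: the function names and sample values are constructed, and it assumes the value reaching the Step 2 line is already md5(plaintext) and that an unwidened password field holds 32 characters (the length of an MD5 hex digest).

```php
<?php
// Added example: function names and sample values are constructed, not vBulletin's.
// Assumption: the value reaching the Step 2 line is already md5(plaintext),
// which is what makes the tutorial's Step 4 login lines agree with it.

// Step 2 "find" line: the stock hash.
function stock_hash($md5password, $salt)
{
    return md5($md5password . $salt);
}

// Step 2 replacement line.
function tutorial_hash($md5password, $salt)
{
    return sha1(md5(md5($md5password) . $salt));
}

// Step 4 $hashedpass: what the login check computes from the typed password.
function login_hash($plaintext, $salt)
{
    return sha1(md5(md5(md5($plaintext)) . $salt));
}

// Stand-in for a fixed-width CHAR column: anything longer is cut off.
function store_in_column($hash, $width)
{
    return substr($hash, 0, $width);
}

function run_checks($plaintext, $salt)
{
    $login = login_hash($plaintext, $salt);
    $new   = tutorial_hash(md5($plaintext), $salt);
    return array(
        // Registration side and login side must produce the same string.
        'register_matches_login'    => hash_equals($new, $login),
        // Column still sized for MD5 hex (32) versus widened for SHA-1 hex (40).
        'login_ok_with_32_char_col' => hash_equals(store_in_column($new, 32), $login),
        'login_ok_with_40_char_col' => hash_equals(store_in_column($new, 40), $login),
        // A row written before the edit still holds the stock hash.
        'old_row_still_logs_in'     => hash_equals(stock_hash(md5($plaintext), $salt), $login),
    );
}

var_dump(run_checks('correct horse battery staple', 'x9Q')); // constructed inputs
```

The last check matters on a live board: hashes stored before the edit cannot be recomputed without each user's password, so those accounts need a password reset or a fallback comparison against the stock hash.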
03-09-2013, 08:56 PM #2
TheManDavid
Your mother!
Nice tutorial M40!
03-09-2013, 10:39 PM #3
Pichu
RIP PICHU.
Hm, useful if I ever decide to have a forum later on.
03-09-2013, 11:07 PM #4
Sonoro
I like anteaters
Nice to see you releasing this cool stuff for vBulletin :)
03-10-2013, 12:26 AM #5
Pichu
RIP PICHU.
MyBB or PhP3?

Which one would you prefer for a free forum? I'm thinking about in the future opening up a forum for when my site gets bigger so people can talk to one another and discuss.

Very small basic forum.
03-10-2013, 01:28 AM #6
IVI40A3Fusionz
Former Gaming Squad Member
Originally posted by Pichu View Post
MyBB or PhP3?

Which one would you prefer for a free forum? I'm thinking about in the future opening up a forum for when my site gets bigger so people can talk to one another and discuss.

Very small basic forum.


Never used PHP3 but I love MyBB :P. If you can find a nice theme and patch up all the known vulnerabilities and ones not a lot of people know, you're set really; it works just the same as vBulletin but is easier to use, uses less bandwidth, requirements are low and it's free.

Also, unlike a lot of forum software developers, MyBB are very soft on what you do to your forum; as long as you leave their name in the forum footer you can pretty much do whatever you want, unlike vBulletin etc.

So want my opinion? Go with MyBB ;). Easier to work with, can do whatever you want and works just as well as every other forum software :P. Maybe I'll release some things for MyBB e.g. how to edit password algorithm, might do a tutorial (video series) on how to make a custom MyBB theme from scratch etc. And also how to patch some MyBB vulnerabilities :P.
03-10-2013, 01:48 AM #7
Pichu
RIP PICHU.
Originally posted by IVI40A3Fusionz View Post
Never used PHP3 but I love MyBB :P. If you can find a nice theme and patch up all the known vulnerabilities and ones not a lot of people know, you're set really; it works just the same as vBulletin but is easier to use, uses less bandwidth, requirements are low and it's free.

Also, unlike a lot of forum software developers, MyBB are very soft on what you do to your forum; as long as you leave their name in the forum footer you can pretty much do whatever you want, unlike vBulletin etc.

So want my opinion? Go with MyBB ;). Easier to work with, can do whatever you want and works just as well as every other forum software :P. Maybe I'll release some things for MyBB e.g. how to edit password algorithm, might do a tutorial (video series) on how to make a custom MyBB theme from scratch etc. And also how to patch some MyBB vulnerabilities :P.


Damn, I'd love some tutorials on that to be honest. I'm now uploading my first YouTube video for C# tutorials. Hoping that my site grows. If I start noticing more and more activity, I'd love to put into place a small forum for general chat. Security would be nice.

Copyright © 2026, NextGenUpdate.
All Rights Reserved.