Thread: Encrypted User Passwords

This is not really a bug - but a "non-feature" as the new Dolphin 6.00 encrypts user passwords.

This causes problems for people who have been, or want to, use 3rd party scripts like phpBB, vBulletin, and so on with Dolphin 6.00

We will be releasing a free mod for Dolphin 6.00 to change it back to the old way with unencrypted user passwords (admin passwords can stay encrypted) - so 3rd party scripts can be used easier.

Question is - did the BoonEx coders get lazy with passwords in the code because they are now encrypted? What will be the affect of using unencrypted passwords now.

Time will tell.

One thing about encrypted passwords - if you are going to change to unencrypted ones - you need to do it from the beginning (with no users) or BEFORE you do any upgrades to Dolphin 6.00 - as the password encryption is one way (once they are encrypted, you can not go back to unencrypted without bothering your users a lot.)

HOWEVER.....

If you want to keep encrypted passwords in Dolphin 6.00 and still use 3rd party scripts like phpBB, vBulletin, or whatevever - it is possible with some fancy coding. We (ModMySite) can help you with that if you would like - send us a PM.

Smoge

i went use dolphin with 3rd party scripts like flash chat & phpBB, or vBulletin can you help me how can i do it
tanx

Hello,

Due to the change to encrypted passwords in Dolphin 6.x - there are only two ways to add third party scripts.

a) change the passwords back to being unencrypted - this will only work on a site with no existing users, as the encryption is "one way", unless you want to bother your users with having to set their password again.

b) edit the third party scripts so they use the dolphin authentication method - and thus, the encrypted passwords.

If you would like help with this - we would be happy to.

We would need to know the desired method.

"A" is easiest - but not always possible depending on your membership.

"B" requires additional custom coding in your third party application. And, with each upgrade of your third party application, the custom coding would need to be re-added.

Warm regards,

Smoge

"A" is easiest - but not always possible depending on your membership.

What does membership mean?
Well, i like to prefer solution A. Is there any cons about this?
Who can tell me, how i cand get SMF wokring with Dolphin and where to change the encryption?

Greets Manuel

membership means, the members on your site - in this case - how many there is...

as for changing Dolphin to not use encrypted passwords - either we can do this custom for you (for a fee), or you can wait a bit as we maybe releasing the modification free here on ModMySite, or maybe someone else will release the modification ahead of us.

Smoge

@smoge
thank you for reply. well im a poor student, so i have to wait for any other solutions atm and also i have to wait for a good howto for integrating SMF into dolphin6.

thank you!
greets manuel

We added the choice during install to choose encrypted or unencrypted passwords for users in CLEAN.

but if u shall insert a third part script like phpbb ect ect.. and user hte dolphin login info even on the forum then u need to add some mod into the phpbb and also add in to string so it will get the pwd by the md5hash. Not so hard to make, as im a dev for the btit (a tracker source) i have make an mod so u can add phpbb into that software. Btit has also md5 passwords and makes the security of the passhash much better. So i like it With dolphin i have small knowlage of the source, i have just runned it for like a year or so. I like it also much but haven't had time to learn it (the source im talkin about). Waht i remember from 5.6 is that when u entered the chat or so u could see your password in the adress filed (browser adress field), that kinda annoying cuz if u are on a public place others can easy see it. So thats a good think with md5 passwords, they are encrypted into a string

Hey - encrypted user passwords are fine and great.

The problem is BoonEx changed the rules and forced them down peoples throats. For almost 5 years now not been encrypted.

They could have added the option for it to be either way, like in CLEAN and let people choose.

Some people will want to use encrypted and others the non-encrypted for what they need.

each way has its advantages over the other.

At least with CLEAN people have the choice.

Yea that is great, so users can choose what they wanna to use. I go the encrypted way, cuz of more security in the public and so.. But thats an nice option in the CLEAN.

Cheerz

Who really wants a site that is that unsecured as not to use a simple md5 security. The Integration modules do have to be changed, there is no doubt about that, but for any of you to believe that plain text passwords are the way to go, if you ever get any amount of users on your site, you'll change your mind on that real fast. I am using the md5 passwords and have Flashchat currently working on 6.01 Clean with no changes, just a standard integration, I also have PHPbb installed and integrated, but not auto logging in, but logging in none the less. Sure it limits you to using Apps that are MD5 encrypted, but isn't the little bit of security it provides better than the nothing that it has had up until now?