I have IPB 2.3.5. I need to decrypt (or encrypt) the passwords from the database so I can compare them to user input from another page. So, how does anyone happen to know how IPB encrypts their passwords? (Or how to decrypt them?)

Recommended Answers

I have IPB 2.3.5. I need to decrypt (or encrypt) the passwords from the database so I can compare them to user input from another page.

It's unlikely you'll decrypt them; they're hashed.

So, how does anyone happen to know how IPB encrypts their passwords? (Or how to decrypt them?)

Jump to Post

All 3 Replies

I have IPB 2.3.5. I need to decrypt (or encrypt) the passwords from the database so I can compare them to user input from another page.

It's unlikely you'll decrypt them; they're hashed.

So, how does anyone happen to know how IPB encrypts their passwords? (Or how to decrypt them?)

A quick google search for "IPB password hashing" threw up this link:
http://www.neowin.net/forum/index.php?showtopic=317007

It seems to be talking about what you want to do;
"to generate the passwords, ipb generates an md5 hash of it, "salts" it, and then re-hashes the salt. the salt i beleive is stored in ibf_members_extra, but i am not sure. note: it is unique for each user"

> so I can compare them to user input from another page
You encrypt the input using the same steps you did to store the encrypted password in the first place.
You then compare two encrypted results.
If they match, they're in!.

Thanks, guys. The salt was in the database, so I just had to use md5(md5($salt).md5($pass)) , and compare it with some other things in the DB. Thanks, again! md5(md5($salt['converge_pass_salt']).md5($password));

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.19 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.