AuthMe Reloaded

9 - Wrong password on phpbb3 bridge

What steps will reproduce the problem?
1. Save all phpbb3 forum users to other DB only for AuthMe
2. Login as user with password "xxx" like: /login xxx and press ENTER

What is the expected output? What do you see instead?
Wrong password. I want to see: welcome, good pasword mate! :)

What version of the product are you using?
AuthMe 2.5.1 and Bukkit 1.1-R2

Do you have an error log of what happened?
2012-01-30 10:34:53 [INFO] [Spout] Successfully authenticated ultramc's Spoutcraft client. Running client version: 1070
2012-01-30 10:35:12 [INFO] [AuthMe] §7[§cAdmin§7] ultramc§f used the wrong password

Please provide any additional information below.
In config file Ive got:
        passwordHash: MD5
but as far as Google says phpbb3 got MD5 hash which is hashed -.- AuthDB plugin could handle it coz it had custom hashes only for phpbb3, AuthDB seems not, is it?

User When Change
d4rkwarriors Feb 15, 2012 at 20:09 UTC
d4rkwarriors Feb 13, 2012 at 09:04 UTC
d4rkwarriors Jan 30, 2012 at 18:27 UTC
UltraMC Jan 30, 2012 at 12:50 UTC Changed name from Wrong password (?) to Wrong password on phpbb3 bridge
UltraMC Jan 30, 2012 at 12:49 UTC
d4rkwarriors Jan 30, 2012 at 10:35 UTC
UltraMC Jan 30, 2012 at 09:42 UTC Create

You must login to post a comment. Don't have an account? Register to get one!

  • 10 comments
  • Avatar of d4rkwarriors d4rkwarriors Feb 13, 2012 at 09:04 UTC - 0 likes

    check new dev version 2.6b7

    if u like the project Donate

  • Avatar of PogonUltras PogonUltras Feb 10, 2012 at 18:55 UTC - 0 likes

    Please send me an early end to the work on this plugin !!!!!!!!!!!!!

  • Avatar of Koksuuu Koksuuu Feb 05, 2012 at 10:48 UTC - 0 likes

    Hey, I have same problem :( When are you going to update this plugin? It's very important for me and please, make it quick, ok ? Thanks in advance, Koksu

  • Avatar of UltraMC UltraMC Feb 01, 2012 at 09:37 UTC - 0 likes

    @d4rkwarriors: Go

    Changing passwords in game and in forums will be possible,but will not affect each other.

    Change password in game = forum not changed

    Change password in forums = game password not changed

    Thats OK for me.

    Last edited Feb 01, 2012 by UltraMC

    BFAK:90627105,4afb69952c26858b8e680b8c9ad8ae6b1989a6d68778ecc8c67e798e4ba33c57

  • Avatar of d4rkwarriors d4rkwarriors Jan 31, 2012 at 19:33 UTC - 0 likes

    but if they change password in game what should happen? or viceverse if they do it with forum?

    i release it on beta for you so u can test if hash process is correct and then release to all ppl

  • Avatar of UltraMC UltraMC Jan 31, 2012 at 17:36 UTC - 0 likes

    @d4rkwarriors: Go

    My case goes like:

    1. User cretes and activates account on phpbb3 forum board.

    2. User activates his account in game giving his name and password on special form which copies password, and username from phpbb3 DB to AuthME DB (phpbb3 > AuthDB password copy)

    ! Tables that you want to include are: mySQLColumnLastLogin: whatever mySQLColumnPassword: user_password mySQLColumnName: username_clean (important, its lowercase plain username) mySQLColumnIp: whatever

    So your method is compleatly OK and expected. Are you planning to realease it to public? if yes, when :)

    Last edited Jan 31, 2012 by UltraMC
  • Avatar of d4rkwarriors d4rkwarriors Jan 30, 2012 at 21:42 UTC - 0 likes

    hey i have implemented it, but there are some problems like, my method should work only if yours players is registered before on phpbb, beacuse there are some field in phpbb3 that require web registration like email name and more others.. for a complete integration, like users can register to phpbb board thru minecraft by command /register i have to take more time on rewrite command check sintax and move session system..

  • Avatar of UltraMC UltraMC Jan 30, 2012 at 12:49 UTC - 0 likes

    @functions: multiplayerminecraft.pl/functions.zip

    You want to check AuthDB plugin (outdated) - Used it since Minecraft 1.7.0 till 1.0.1 - it has that implemented: http://forums.bukkit.org/threads/admn-sec-authdb-v2-3-2-database-auth-session-guest-options-bad-character-filters-1337.19760/

  • Avatar of d4rkwarriors d4rkwarriors Jan 30, 2012 at 10:34 UTC - 0 likes

    so as i see phpbb3 use his own hash algorithum with urandom + md5 , so thats the fact u have wrong password, authme simple did md5 hash.

    iam looking for some wiki page on phpbb3 that explain his own algorithum, i never use phpbb so this will take a while, i think u can upload includes/functions.php so i can check what really do phpbb_hash and try to add this feature

    Last edited Jan 30, 2012 by d4rkwarriors
  • Avatar of UltraMC UltraMC Jan 30, 2012 at 09:44 UTC - 0 likes

    About pgpbb3 hash and encryption: http://www.phpbb.com/kb/article/difference-between-encryption-and-hashing/ "phpBB3 uses phpass which makes use of MD5 with salting to help resist bruteforce attacks."

  • 10 comments

Facts

Last updated
Mar 30, 2012
Reported
Jan 30, 2012
Status
Fixed - Developer made requested changes. QA should verify.
Type
Defect - A shortcoming, fault, or imperfection
Priority
Medium - Normal priority.
Votes
1

Reported by

Possible assignees