We will be closed on Monday 1st September for the Labor Day holiday. Support will still be available via the client area although responses may be delayed.
Logo

Help Center

Guides


Passwords in IP.Board

Guide added by Charles Warner, Sep 07 2010 06:03 AM (Updated Nov 09 2012 04:48 PM)



IP.Board stores members' passwords as a salted hash. Both the hash and the salt are stored in the database in the members table as members_pass_hash and members_pass_salt, respectively.

The hash is the md5 sum of the md5 sum of the salt concatenated to the md5 sum of the plaintext password. Expressed in PHP code, this is as follows:
$hash = md5( md5( $salt ) . md5( $password ) );
Where:
  • $hash is the value stored in the database column members_pass_hash.
  • $salt is the value stored in the database column members_pass_salt.
  • $password is the plaintext password.
The salt, is a string of 5 random characters including letters, numbers and symbols (specifically, ASCII characters 33-126, excluding 92). You can easily generate a salt using the IPSMember::generatePasswordSalt() method.


Useful Functions

All of the following functions are static methods of the IPSMember class located in admin/sources/base/ipsMember.php. They require ipsRegistry::init() (ipsRegistry is located in admin/sources/base/ipsRegistry.php) to have been called.

updatePassword()
This will change a member's password. It takes two parameters, the member's ID number and a md5 hash of the new password.

authenticateMember()
This will check a supplied password and return a boolean value indicating if it is correct. It takes two parameters, the member's ID number and the md5 hash of the password to check.

generateCompiledPasshash()
This will generate and return the hash to be stored in members_pass_hash for a password. It takes two parameters, the salt to use, and the md5 hash of the password to store.

generatePasswordSalt()
This will generate and return a salt, which is comprised of 5 random characters.

create()
create is a method to save a new member and update an existing member respectively. In the array you pass to these functions containing the member's data, you can pass a 'password' parameter, containing a plaintext password. The method will generate a hash based on this password.


Conversions

Users writing their own converters using the IP.Board converter application will be using the lib_master::convertMember() function to import members. This function accepts passwords in 4 ways:
  • You can pass a 'md5pass' element in the first parameter, which should be the md5 hash of the member's password.
  • You can pass a 'plainpass' element in the first parameter, which should be the member's password in plain text.
  • You can pass 'pass_hash' and 'pass_salt' elements in the first parameter which should be the values to store for 'members_pass_hash' and 'members_pass_salt' respectively.
  • You can pass a 'password' element in the first parameter, which can be anything you like - you will then write a custom method to verify this value (see below).
If using the fourth option, the value you provide will be stored in the conv_password column in the members table (which doesn't actually exist until the conversion begins).
You must then edit the admin/sources/loginauth/convert/newauth.php, adding a method which will check this value.
The method should be the same name as the key you used for your converter (i.e. the filename in admin/applications_addon/ips/convert/modules_admin/). It will receive 3 parameters: the user's username, the user's EMail and the password to check. You can access the member's other data through $this->parent->memberData - for example, the value you sent will be in $this->parent->memberData['conv_password']. Your method should return a boolean value indicating if the password provided is correct.

Get more help

Customers with an active license can submit support requests to our knowledgeable techs via the client area

Client Area


Support forums

Ask other customers for advice on features, customization and running a community in our peer-to-peer support forums

Support forums