How to convert text to phpbb hash?
Asked Answered
V

3

4

I am trying to convert a test password (testing4) into a phpbb3 hash. This is the code I have tried:

<?php
/** 
*
* @package phpBB3
* @version $Id: v3_dbal.xml 44 2007-07-25 11:06:55Z smithy_dll $
* @copyright (c) 2005 phpBB Group 
* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
*
*/

/**
* @ignore
*/
define('IN_PHPBB', true);
include ("functions_phpbb.php");

$data['new_password'] = "testing4";

$user_row = array(
    'user_password' => phpbb_hash($data['new_password'])
    );

$hash = $user_row['user_password'];

echo $hash;
?>

and this doesn't work either:

$pass = "testing4";
$hash = phpbb_hash($pass);

Both times I recieve the following error message:

Fatal error: Call to a member function sql_escape() on a non-object in /home/a8544020/public_html/Pass/functions_phpbb.php on line 149

I have tried it on 2 different hosts without any luck. Otherwise is there an online service that simply converts text to the hash?

Thanks in advance

Valley answered 13/3, 2011 at 10:39 Comment(0)
H
5

I'm assuming your functions_phpbb.php file is a copy of the includes/functions.php file of the phpBB3 package.

Now, the reason you are getting this error is because the phpbb_hash function uses the phpBB unique_id function for entropy, which depends on a database connection (to change and persist the entropy on every request).

There's two ways to fix this.

a) include phpBB's common.php, which will bootstrap your code for phpBB (including db connection, error handlers, etc).

b) phpBB3 uses phpass for hashing. I suggest you simply download the standalone phpass package and use that to generate the hash.

Little caveat: phpBB3 changes the hash identifier from '$P$' to '$H$' (don't ask me why), so you will have to change this line:

$output = '$P$';

to:

$output = '$H$';

Since option a) adds quite some overhead, and you are probably only wanting to use the hashing functions, I'd suggest option b).

Hoover answered 13/3, 2011 at 13:20 Comment(1)
As a side note, a change has been merged into phpBB that will make 'P' work as well, this will be present in phpBB 3.0.9.Hoover
K
0

Maybe the other way. I have used the library from: http://www.openwall.com/phpass/ To make it working, you must change first 3 characters of generated HASH:

$P$

to

$H$

used in phpbb

Karaganda answered 25/5, 2012 at 21:42 Comment(0)
R
-1

I wonder why they run a password hash through a SQL escaping function.. but you could simply try defining that function as a dummy:

function sql_escape($str) { return $str; }
Reproduction answered 13/3, 2011 at 10:50 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.