Wildfire-Integration with SimpleMachinesForum

Phillip_Scholz · February 25, 2007, 7:47pm

Hello there,

according to the guide at http://www.igniterealtime.org/builds/wildfire/docs/latest/documentation/db-integ ration-guide.html I am trying to integrate Wildfire with the user-database of the php-based bulletin board SMF.

I got some problems with the build in password encryption in SMF:

function smf_md5_hmac($data, $key)

{

$key = str_pad(strlen($key) <= 64 ? $key : pack(’‘H*’’, md5($key)), 64, chr(0x00));

return md5(($key ^ str_repeat(chr(0x5c), 64)) . pack(’‘H*’’, md5(($key ^ str_repeat(chr(0x36), 64)). $data)));

}

$data is the plaintext-password and $key is set to the name of the user.

Does anyone of you know how to change wildfire’'s decryption method to work with this?

LG1 · February 25, 2007, 9:58pm

Hi,

this method looks like a “security through obscurity” method.

It seems to be something else than a simple md5hash so you’'ll need to write your own plugin.

LG

Phillip_Scholz · March 10, 2007, 4:26pm

… damn … feared that such an answer would be given. Nobody around who feels provoked, writing such a plugin?

the request in the php-script I guess are important is:

$sha_passwd = sha1(strtolower($user_settings[’‘memberName’’]) . un_htmlspecialchars(stripslashes($_REQUEST[’‘passwrd’’])));

if ($user_settings[’‘passwd’’] != $sha_passwd) { //handle bad password }

else

{ //handle correct password }

so it seems as the username is put in front of the password and then a sha1 is calculated from all of it. oh yeah and there is a column named “passwordSalt” in the database.

My biggest problem is not my laziness … but my lack of java-knowledge

LG1 · March 10, 2007, 8:01pm

Hi,

if you have much more PHP knowledge you could modify the scripts (registration + change password) to store the username and md5 password also in another table and write one to fill it using the existing data. This one could be used by Openfire without problems.

Having the username and password two times in the same database if of course not a very good solution but probably faster to implement than modifying the existing auth. provider.

LG

Phillip_Scholz · March 11, 2007, 1:06am

actually I do not have the needed php-knowledge …

if I had … believe me … I did what you said some weeks ago

LG1 · March 11, 2007, 10:44am

Hi,

you may want to find one or pay one to write either the PHP or the Java part … or learn PHP by yourself. This should not be too complicated.

LG

Phillip_Scholz · March 11, 2007, 12:06pm

ok, then … I’‘ll set this one to answered. Thanks for your advices - I’'ll go to learning php

greetz

LG1 · March 11, 2007, 2:17pm

Hi,

I wonder if you have no school or university around, even a non-professional should get this done. On the other hand it’'s never a fault to have at least very basic PHP and Java knowledge to do such things by oneself.

LG

Hans_Kurppa · May 11, 2007, 8:09am

My quick hack, works ok with SMF 1.1.2.

I couldn’'t get the code to show right in this post, so you can read it from here:

http://guru.amifi.net/openfire+smf.txt

To “activate” it with current members, ask them to change their password in Profile (no need to actually change the password though, they can just enter their current password as the New Password in Profile).

Phillip_Scholz · May 11, 2007, 11:10am

yeah GREAT!

Thanks a lot, will give it a try tomorrow.

Phillip_Scholz · May 13, 2007, 1:41pm

It works great. Thanks a lot!