powered by Jive Software

Wildfire-Integration with SimpleMachinesForum

Hello there,

according to the guide at http://www.igniterealtime.org/builds/wildfire/docs/latest/documentation/db-integ ration-guide.html I am trying to integrate Wildfire with the user-database of the php-based bulletin board SMF.

I got some problems with the build in password encryption in SMF:

function smf_md5_hmac($data, $key)

{

$key = str_pad(strlen($key) <= 64 ? $key : pack(’‘H*’’, md5($key)), 64, chr(0x00));

return md5(($key ^ str_repeat(chr(0x5c), 64)) . pack(’‘H*’’, md5(($key ^ str_repeat(chr(0x36), 64)). $data)));

}

$data is the plaintext-password and $key is set to the name of the user.

Does anyone of you know how to change wildfire’'s decryption method to work with this?

Hi,

this method looks like a “security through obscurity” method.

It seems to be something else than a simple md5hash so you’'ll need to write your own plugin.

LG

… damn … feared that such an answer would be given. Nobody around who feels provoked, writing such a plugin?

the request in the php-script I guess are important is:

$sha_passwd = sha1(strtolower($user_settings[’‘memberName’’]) . un_htmlspecialchars(stripslashes($_REQUEST[’‘passwrd’’])));

if ($user_settings[’‘passwd’’] != $sha_passwd) { //handle bad password }

else

{ //handle correct password }

so it seems as the username is put in front of the password and then a sha1 is calculated from all of it. oh yeah and there is a column named “passwordSalt” in the database.

My biggest problem is not my laziness … but my lack of java-knowledge

Hi,

if you have much more PHP knowledge you could modify the scripts (registration + change password) to store the username and md5 password also in another table and write one to fill it using the existing data. This one could be used by Openfire without problems.

Having the username and password two times in the same database if of course not a very good solution but probably faster to implement than modifying the existing auth. provider.

LG

actually I do not have the needed php-knowledge …

if I had … believe me … I did what you said some weeks ago

Hi,

you may want to find one or pay one to write either the PHP or the Java part … or learn PHP by yourself. This should not be too complicated.

LG

ok, then … I’‘ll set this one to answered. Thanks for your advices - I’'ll go to learning php

greetz

Hi,

I wonder if you have no school or university around, even a non-professional should get this done. On the other hand it’'s never a fault to have at least very basic PHP and Java knowledge to do such things by oneself.

LG

My quick hack, works ok with SMF 1.1.2.

I couldn’'t get the code to show right in this post, so you can read it from here:

http://guru.amifi.net/openfire+smf.txt

To “activate” it with current members, ask them to change their password in Profile (no need to actually change the password though, they can just enter their current password as the New Password in Profile).

yeah GREAT!

Thanks a lot, will give it a try tomorrow.

It works great. Thanks a lot!