I currently use phpBB to authenticate users to pages outside of their bulletin board system. I have found that I really do not need the phpBB forums any longer and would like to totally gut phpBB and replace it with a new authentication system (maybe write my own).
After doing some research, I have found that phpBB no longer MD5 hashes their passwords and now does some type of custom hashing algorithm. My question is twofold:
- What is the best way to extract passwords (10,000+ users) from the phpBB databases for import into a new system that can read the existing passwords? If this is not possible, what is the best way to go about having users authenticate?
- Is there a good PHP authentication system that I should be using, or should I just write my own? My only two requirements are Facebook Connect and being able to use my existing username and password list. I have read this tutorial, which appears pretty intuitive: http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL
Thanks in advance!
One. phpBB stores an encryption “salt” that is used to hash the passwords. Find the salt and you can use it in your new app, or use it to loop through your passwords and create new passwords using a different encryption when you write your own system if you like.
You can see how the salt is created and checked in the phpbbHash.php file.
Two. If you don’t fancy using a PHP framework to take care of all this for you, then yes, maybe write your own. The tutorial you listed is quite good; there are loads on Google, and this one is quite a good ACL-focused tutorial.
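An added example, not part of the answer above and not phpBB's own code: one way to keep the existing password list is to verify each imported hash at login and replace it with a `password_hash()` value at that moment, since that is when the plaintext is available. It assumes the imported values are phpBB 3.0 `$H$` hashes (phpass portable format, iterated MD5 with the cost and salt stored in the hash string); the function names are hypothetical.

```php
<?php
// Hypothetical helper names; the sample row at the bottom is constructed.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

function encode64(string $in, int $count): string {
    $out = ''; $i = 0;
    do {
        $v = ord($in[$i++]);
        $out .= ITOA64[$v & 0x3f];
        if ($i < $count) $v |= ord($in[$i]) << 8;
        $out .= ITOA64[($v >> 6) & 0x3f];
        if ($i++ >= $count) break;
        if ($i < $count) $v |= ord($in[$i]) << 16;
        $out .= ITOA64[($v >> 12) & 0x3f];
        if ($i++ >= $count) break;
        $out .= ITOA64[($v >> 18) & 0x3f];
    } while ($i < $count);
    return $out;
}

// Recompute a hash from the setting: "$H$" + cost character + 8-character salt.
function legacy_crypt(string $password, string $setting): ?string {
    if (strlen($setting) < 12 || substr($setting, 0, 3) !== '$H$') return null;
    $log2 = strpos(ITOA64, $setting[3]);
    if ($log2 === false || $log2 < 7 || $log2 > 30) return null;
    $hash = md5(substr($setting, 4, 8) . $password, true);
    for ($n = 1 << $log2; $n > 0; $n--) $hash = md5($hash . $password, true);
    return substr($setting, 0, 12) . encode64($hash, 16);
}

// Returns [ok, newHash]; a non-null newHash should overwrite the stored value.
function verify_and_upgrade(string $password, string $stored): array {
    if (strncmp($stored, '$H$', 3) === 0) {
        $calc = legacy_crypt($password, $stored);
        $ok = $calc !== null && hash_equals($stored, $calc);
    } else {
        $ok = password_verify($password, $stored);
        if ($ok && !password_needs_rehash($stored, PASSWORD_DEFAULT)) return [true, null];
    }
    return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample row: salt "abcdefgh", cost character "9" (2^11 rounds).
$stored = legacy_crypt('correct horse', '$H$9abcdefgh');
[$ok, $new] = verify_and_upgrade('correct horse', $stored);
var_dump($ok, password_verify('correct horse', $new));   // legacy row, then its upgrade
var_dump(verify_and_upgrade('wrong guess', $stored)[0]); // wrong password on a legacy row
var_dump(verify_and_upgrade('correct horse', $new));     // row that is already upgraded
```

Accounts that never log in again keep their legacy hash, so the new system needs a cutoff after which remaining `$H$` rows go through a password reset.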