Setting up a new forum - need some help migrating

This message was edited 1 time. Last update was at 22/09/2011 18:55:05

I am setting up a new forum board: http://forum.flexraid.com

I do not intend to migrate this forum and its content to the new forum, but I would like to migrate the user registration along with synchronizing such registration with the bug.flexraid.com and wiki.flexraid.com.
My current road block is having to deal with the passwords stored as hash values in each of the sites databases
Anyone familiar with password hash conversion or synchronizing authentication between SMF and WordPress?

Great.

Hope SMF supports users using their OWN time-zones...

There is a plugin for what you want I think:
http://wordpress.org/extend/plugins/wpsmf/

...I wouldn't bother with this if I were you. It's not a huge thing to re-register esp. since posts will not be migrated.

After all since you plan to merge those accounts with bug.flexraid, what will happen to people that have already registered there? Why not use that database?

Hey NLS,

Thanks but that plugin is not what I am looking for.
Each product (wiki, mantis, SMF forum) tends to have it own format for saving and encrypting user passwords.
What I am looking for is a way to decrypt and re-encrypt that information so that once a user signs in to one site, I can propagate his login to the other sites.

The new forum looks great!

About your issue, what platform are you using? This forum is phpbb, the new one is?
I'm far from being a specialist, but sometimes those platforms have APIs to support single sign-on

It would basically mean that you keep all credentials in 1 place, and validate them from the other portals.
SMF does seem to support that.

But maybe I'm talking bs and it's not at all what you intend to do...

I agree, we can re-register, not a problem.

The forum is SMF 2.0, the bug tracking is Mantis, and the wiki is WordPress.
All three are PHP based.

I did look into LDAP integration and support of it is poor on these products.
The simplest solution I found is to write an application that reads the databases and synchronize the registration information.
The challenge however is that the passwords are encrypted and they each use different techniques.

I want to make the forum the primary registration site and propagate those registrations to the bug tracking and wiki sites.
Again, I have access to each of the databases and can easily write a program to do the database synchronization, but I need to deal with the encrypted data.

This message was edited 1 time. Last update was at 02/07/2011 01:34:30

My point was to use the authentication / SSO APIs that some of those systems have to do SSO between them.
Unfortunately, it will not help in merging all existing user databases into one, but would achieve having only 1 in the future.
I don't know if it's possible with all of them.
Or you could use OpenID.

I'm not aware of any possibility to decrypt hashes, as I thought they are 1-way encryption algorithms...

Those platforms being open source, you could modify their code so that they use compatible hashing algorithm. But that can be difficult...

Edit:
Apprently, you can modify Mantis' core/authentication_api.php to use an external system to authenticate users.

As stated, support for LDAP is poor across the solutions.
That was my first solution to explore.

The algorithms used in user account encryption are almost always one-way, so your best bet is probably to propagate the information before it becomes hashed (at the point of registration on the forum). You could call your own script which hashes the login/password in each required format and inserts directly into the databases. To avoid issues, disabling direct registration on the bug tracker and wiki would be best.

This message was edited 1 time. Last update was at 03/07/2011 16:59:56

Duz wrote:The algorithms used in user account encryption are almost always one-way, so your best bet is probably to propagate the information before it becomes hashed (at the point of registration on the forum). You could call your own script which hashes the login/password in each required format and inserts directly into the databases. To avoid issues, disabling direct registration on the bug tracker and wiki would be best.

Indeed, I stopped being lazy and looked at the source codes. They are all saving the digest information as expected.
Looks like I am going to be writing my own single sign-on solution.

The challenge now is to convert the one way hash logic in SMF, WordPress, and Mantis into Java.

I still need help.
Attached is the logic for registering and login into SMF.
I need to capture that logic and translate it into Java.

I need to translate this code:

More specifically, I need to understand what the sha1() function does (how it encodes) in PHP in order to translate it into Java.
Same for the mt_rand() function.

Brahim wrote:
More specifically, I need to understand what the sha1() function does (how it encodes) in PHP in order to translate it into Java.
Same for the mt_rand() function.

There are many Java libraries computing SHA1 hashes, why not using one of these?
And mt_rand is just a random nb generator.

xliv wrote:
There are many Java libraries computing SHA1 hashes, why not using one of these?
And mt_rand is just a random nb generator.

I figured it out.
The secret to the problem I was having was in the encoding of the resulting hash.

Now I need to figure out how to convert Java time to PHP time.

Thanks for the inputs guys.

This message was edited 1 time. Last update was at 03/07/2011 18:33:22

SHA-1 is pretty standard, and Java does have libraries to compute this, though it will give you raw data back rather than a 40-char hex string like PHP does. Here's some sample code that should generate the same result as sha1() in PHP.

As for mt_rand(), I don't think Java has a standard implementation of Mersenne Twister, but there is plenty of free code available for this, such as: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/VERSIONS/JAVA/MTRandom.java

Hope that helps.

Edit: Oops, guess I'm a little late

@Duz
Hey thanks for the post.
Yeah, I figured out the encoding issue but the random number generation will be useful in trying to stay as faithful as possible in the port.

Also, the time conversion is straight forward: mt_time() just reports its time value in seconds where as Java does it in milliseconds.
Both use Epoch as reference.

I still have quite a bit of work to get the SSO app functional, but this is a great start.
Once again, thanks to all for the inputs.

Any news on this front?

NLS wrote:Any news on this front?

Well, I have decided to go with OpenID.
I just finished setting up my own provider site for more trust: http://www.openegg.org/openid

Once user register for an OpenID, registration to every FlexRAID site will be painless.
Moreover, an OpenID from openegg.org can be used in other sites.

SMF already supports OpenID and WordPress has a plugin for it.
The only thing left is Mantis, but hopefully, support will come sooner than later.

Nice. I probably have a few of those.

(even have my own openid site)