Jibeji

Hi Martin,

Here is the code for method verifyLegacyPassword() in my installatation :

public function verifyLegacyPassword( $password )
{
   return \IPS\Login::compareHashes( $this->members_pass_hash, md5( md5( $this->members_pass_salt ) . md5( \IPS\Request::legacyEscape( $password ) ) ) );
}

It looks pretty much the same as updatePassword() that I found in /admin/sources/base/ipsMember.php

Hi,

I am closing my IPB forum which is not used anymore.

However, I would like to keep the existing members database which is used for another section of my website, without asking them to change their password.  I'd consequently like to use the same password algorythm as in IPB on my own authentication system, just by keeping name, email, members_pass_hash, members_pass_salt from the database.

My question is : do you know how are the passwords managed in IPB ?

Any help would be appreciated.

Edit

As from the public function updatePassword(), it looks like the pass_hash is :

$new_pass = md5( md5( $member['members_pass_salt'] ) . $new_md5_pass );

But the hash stored in the Database seem to be the result of a password_hash() function.

A parenthese is missing.

In my case, 'Nickname You Want' field contains a paranthese, I messed the paste up. 🙂

$sql="update ibf_forums_posts set post = replace(post, '".$name."', 'Nickname You Want')";

Just in case it is needed by someone else, here is what I have done:

$sql = "select member_id from ibf_core_members where name = '".$name."'";
$result = $pdo->query($sql);
$row = $result->fetch();
$member_id = $row['member_id'];
   
require_once('/path/to/forums/init.php');
$IPSLogin = new \IPS\Login\Internal;
$IPSLogin->init();$member = \IPS\Member::load( $member_id );
$member->delete(false);

$sql = "update ibf_forums_topics set starter_name = 'Nickname You Want' where starter_name = '".$name."'";
$pdo->query($sql);
$sql = "update ibf_forums_topics set last_poster_name = 'Nickname You Want' where last_poster_name = '".$name."'";
$pdo->query($sql);
$sql="update ibf_forums_posts set post = replace(post, '".$name."', 'Nickname You Want'";
$pdo->query($sql);
$sql = "update ipb.ibf_forums_posts set author_name='Nickname You Want',edit_name='Nickname You Want' where author_id=".$member_id;
$pdo->query($sql);

Hi,

I'll sql / replace in the database to sort this quickly out.

Thanks for your answers.

The source is a registered letter from the CNIL (Commission nationale de l'informatique et des libertés) I received at home... 😞  

I know that, but the whole sentence is :

Quote

Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

1. for exercising the right of freedom of expression and information;

It has been declared by the local regulator in France that keeping a name public on a forum is not a such necessity.

Unfortunately yes.

As the name is a personal information, a user can request it to be deleted.

Hi,

In the context of the GDPR, I am wondering wether there is a way to anonymize all the content refering to un unsbscribed user. In my forum, everybody uses its real name, not a pseudo.

I know that the content a user has posted can by anonymized while deleting it in the Admin CP, but the user can also request his name to be deleted everywhere it appears.

Is there a way replace the name of that user in every post (quotation, @user, etc...) ?