Minecraft JAR: 1.9.2-R0.1-SNAPSHOT
Plugin Version: AuthMe-5.2-BETA2-spigot.jar
PHPBB Version: 3.1.9
DB TEST
Hash example: $2y$10$9rmV5mxXkudr1t9AOvv.J.uezYdsN3ujjmJvLYzMMnkDXrjJVW//i
User form Salt: 01d8b9f2dfecc275
Console error:
cPathz used the wrong password
Bcrypt checkpw() returned [IllegalArgumentException]: Invalid salt version
XfBCrypt checkpw() returned [IllegalArgumentException]: Invalid salt version
ORIGINAL DB
HASH $2y$10$4JKccUIKFk7lrUVEDTObRORkMt00UdjZ/8/I7HRQG7rM/qiBd5wHa
SALT 0ccca3c358203297
HASH $2y$10$uJ5gabL20WHqp/WsM0LHNevdFYiqiEB9QoMWFx9t3JhkwhrmvOTQi
SALT 89c0845cc61b16b8
HASH $H$76YI20Kpznyc8Gwh2HVMI5FlENWzF/1
SALT 44d8ce733f075cb8
HASH $H$71GFHQe8CGkcZ96wfhEDSEC3NJrOQr/
SALT fc3f8fcf10daae33
Could you give us some sample passwords with the original one password in plain text, so we can check it? For example the hash from a test account with the password 'authme_test'.
I created some users in the forum. I hope this information helps you.
test01
PASS: authme_test01
HASH $2y$10$CpN/vTBseiOe4nZOX8otyuPEyE1FaSsgubX79ENcqM793/q7sG8yW
SALT 1b16bb5383d40f73
test02
PASS: authme_test02
HASH $2y$10$4OiwltdBo.fksX9k9cWUqeuXUaymGf10HVeIuVb2xuv3yCjhFahKq
SALT c7f7bae03919fb1d
test03
PASS: authme_test03
HASH $2y$10$0crUeSSuqHN8/hhh9.6qDeI8oWwWxit5oXoTvIyAslMNzesOOgT9O
SALT f84bad8c8ccba47d
test04
PASS: authme_test04
HASH $2y$10$yIorHfe7HR6Nda0j85Ye8.NDGWt7tyf/wcFe6TBkuAv5SVVIvhWaa
SALT 759f071f046ff395
What's your config value for the passwordHash property?
If it's not Bcrypt, could you try it with BCrypt?
Thanks for the information. I can not set it in the afternoon, I'm overworked. I check just now and it works correctly.
Thanks for the support
Thanks for the feedback, @cPathz. I'm keeping it open & assigning it to me to do some analysis as to what version our PHPBB hash implementation is compatible with and from which version on BCRYPT should be used instead.
@ljacqu Might be relevant https://tracker.phpbb.com/browse/PHPBB3-11610
I think I have the same problem of long ago, that's why I put it in this section.
The following message appears in the console when I try to log in with a registered user in the forum
Thanks in advance for your attention
Password: Admin123$%&
user_password: $2y$10$Kk6I4am9.QXjG3ep.P6VTuz/TKmf49nWcNsJlaJq1kCcj5xX8hxgu
user_form_salt: 62d260f517205ed4
backend: 'mysql'
passwordHash: 'PHPBB' *and BCRYPT too
doubleMD5SaltLength: 8
supportOldPasswordHash: true
mySQLColumnSalt: ''
mySQLColumnGroup: ''
nonActivedUserGroup: 1
mySQLOtherUsernameColumns: []
bCryptLog2Round: 10
phpbbTablePrefix: 'phpbb_'
phpbbActivatedGroupId: 2
@cPathz that's just a consequence of having supportOldPasswordHash: true. This setting will check all of our hash algorithms if the main hash algorithm check fails, and sometimes the hash in the DB is the totally wrong format of what another hash algorithm expects. The logging is just for the record, in case it would be a relevant error.
With a newer build version of AuthMe you'll get rid of these errors because supportOldPasswordHash no longer exists. You can specify the hashes to check with a new setting, legacyHashes.
With the recent bug #1400 the hash implementation and its documentation was updated, so there's nothing left to do here.