cookie password hashing
 

How do I derive the bbpassword hashed password value stored in the cookie from the user.password value as stored in the database for a given user?

I need to be able to do this so I can fix the LDAP authentication plugin here http://www.vbulletin.org/forum/showthread.php?t=196596 which is not setting the cookie bbpassword when it sets user passwords, so its not obeying the 'remember me' tick box

The process is documented in numerous places as:

Code:
md5(md5(md5($cleartext_password) + $salt) + $license_id)
where license_id is the 'VBF*******' value of your license and $salt is user.salt value from the db.

However when I code this, I do not get the same hashed value as what is stored in the cookie.

Note that I can successfully generate the user.password hash as stored in the database with md5(md5($password) + $salt).

The code I am using is very simply:

Code:

The $calc_db_pwd matches the hashed value stored in the database for the user in question, but the $calc_cookie_pwd produced does not match the bbpassword value in the cookie.

I'm really stumped here. I think I'm doing exactly what has been documented but no go.

Has the way the cookie pwd is being generated changed recently?

Would really appreciate some help on this one :)