Back in 2015 I worked on a brand new community for the folks over at TML-Studios. We used phpFox 3 for our community but we weren’t really happy with it after a few years. We decided to move over to Woltlab Burning Board and it was probably the best decision we’ve ever made. We had to keep in mind to import our user base which consisted of over 3000 registered members.

Loosing them would be a fatality, so I’ve made some changes on WoltLab’s Community Framework to support phpFox 3 password data rows in WCF’s user database table. And it works like a charm, our users were happy to use the same account for our brand new community forums.


Woltlab merged my pull request in their stable branch. If you’re using their latest version skip the source code below and just begin importing your users.



Setup source and instance code (for legacy versions):
Grab and sync the whole forked source code from GitHub and open wcfsetup/install/files/lib/util/PasswordUtil.class.php.
If you want to replace the whole PHP script, just go ahead and replace /wcf/lib/util/PasswordUtil.class.php with the forked PHP file on your web space.

Other than that, in case you already got an installed instance of WBB WCF download PasswordUtil.class.php from your web space with FTP and open it with a code editor of your choice.
Locate and navigate to private static $supportedEncryptionTypes in line 33 and add a new array string item 'phpfox3'.
Add a new public function in addition to supported encryption types in the same source file in order that WBB recognizes the hashing algorithm:

protected static function phpfox3($username, $password, $salt, $dbHash) {
    if (self::secureCompare($dbHash, md5(md5($password) . md5($salt)))) {
        return true;

    return false;

Import phpFox 3 user credentials to WBB WCF:
Importing user credentials is a bit dodgy since many techniques are possible. Be sure to export your phpfox_user database table from your phpFox 3 MySQL database to a generic file format, such as CSV or XML. SQL is fine too and should do the next job well.

Use a text tool or a scheme editor of your choice. I used NimbleText (btw, it’s a great tool for hacky text editing) and just imported a CSV/JSON scheme and refactored it to SQL statements through batching. You have to match all phpFox 3 password data to WBB WCF’s password scheme by merging them into phpfox3:{phpfox_user.password}:{phpfox_user.password_salt}, e.g. phpfox3:mysuperpassword:mypasswordsalt. Those merged data schemes must be inserted into WBB WCF’s password row in wcf_user database table while matching the corresponding user.

Final steps:
Your WCF instance is now ready for use by your imported phpFox users, their passwords will be automatically applied to WCF’s password  hashing algorithm after they signed in the very first time in your WBB instance. Other yet unsigned users will still own their hashed password based on phpFox 3 algorithm until they sign on. New users who register afterwards won’t use phpFox 3 password hashing method. They will get a hashed password based on WCF’s defaults algorithm, so they’ll stay out of the loop and you don’t have to concern about them.

That’s pretty it.

Fork on GitHub
PasswordUtil.class.php on GitHub
Pull request on GitHub