
#111 md5 passwords PROPER

open
nobody
None
5
2012-09-07
2006-12-28
No

This includes the changes I did in #1622734 to md5 sum the admin passwords as well as changes to md5 the user passwords.

Now all user passwords are stored as md5 sums both on their computer and in the database.
There is now only 1 cookie.
This fixes a bug where users with a plus sign in their email cannot log in.
The French and Spanish language files will need a quick update.

changes include:

-ship_id is the primary key for the ships table
-password length is set to 32 in the ships table
-cookie is named idpass and is in the form ship_id+md5(password)
-password generator is a separate function in global_funcs.php
-new passwords are generated and emailed when a user forgets their passwords. (the English language file reflects this, the others don't)

I did a mass find-and-replace looking for "WHERE email='$username'" and replacing it with "WHERE ship_id='$id'". I looked through all the occurrences beforehand; it didn't seem to break anything.

Finally, to get the single cookie working, I had to manually edit each file and move checklogin() and connectdb() so that they came before the language & header includes.
While I was at that, I changed the die() for when checklogin() fails (or, in this case, returns true..) to a simple loginpage() function in global_funcs.php that puts out a redirect header for the login page, then dies.

I also learned how to make a patch file just now, so this should be nice and easy to integrate.

So, that was a lot more work than I thought. Now I'm tired.. Enjoy!
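
The storage change described in this post, as an added example that is not part of the original post or the attached patch: the MD5 check with the 32-character column it needs, beside PHP's salted `password_hash()`. Function names and the sample password are hypothetical, and the 16-character truncation is a constructed narrower width.

```php
<?php
// Added illustration. Function names and the sample password are
// hypothetical; none of this is taken from the patch.

// Scheme as the post describes it: the ships table stores md5(password).
function md5_store(string $password): string
{
    return md5($password); // hex digest, always 32 characters
}

function md5_check(string $password, string $stored): bool
{
    return hash_equals($stored, md5($password)); // constant-time compare
}

// Salted, deliberately slow alternative built into PHP.
function strong_store(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function strong_check(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

$pw = 'correct horse battery'; // constructed sample password

// Column width: a column narrower than 32 keeps only part of the digest,
// so the check against the truncated value fails and login breaks.
$full      = md5_store($pw);
$truncated = substr($full, 0, 16);
var_dump(strlen($full), md5_check($pw, $full), md5_check($pw, $truncated));

// Unsalted MD5 is deterministic: equal passwords produce equal rows, and
// the idpass cookie carries the same digest the database stores.
var_dump(md5_store($pw) === md5_store($pw));

// password_hash() salts every call: the two rows differ, both verify,
// and the result is longer than 32 characters, so the column must grow.
$a = strong_store($pw);
$b = strong_store($pw);
var_dump($a === $b, strong_check($pw, $a), strong_check($pw, $b), strlen($a));
```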

Discussion

  • Nathan Friedly

    Nathan Friedly - 2006-12-28

    Logged In: YES
    user_id=1677461
    Originator: YES

    Of course, right after I submitted that I noticed that I was missing a line to make the interface work right. Attaching an updated patch.
    File Added: blacknova md5 passwords + single cookie v1.1.patch

     
  • Nobody/Anonymous

    Logged In: NO

    1 more important note:

    The password column in the bnt_ships table in the database needs to be changed from a char(16) to a char(32) to accommodate md5 sums. Otherwise players won't be able to log in.

     
  • Nobody/Anonymous

    How can I install those patches?

     
