Re: [Phpwiki-talk] User Auth against extern mysql table

[searchadm <sea...@go...>]

I changed the code at the end of this mail  in WikiUserNew.php and it=20
works fine for me and my problem....

one problem is still alive but its no problem of my changed code i=20
think. when i log in as user and use Microsoft Browser the Login keeps=20
beeing alive all the session.
When i use the newest Firefox and Mozilla and i switch from one page to=20
the other inside the wiki the Login is lost and i have to reauth.
Is there any idea how to fix it??

By the way the memory problem seems to be fxeded so i can use the new=20
nightly build in production. Gratulation :-)

Regards Stefan

=3D=3D=3D=3D
Here is the code i changed

   function _checkPass($submitted_password, $stored_password) {
        if(!empty($submitted_password)) {
            //FIXME: This will work only on plaintext passwords.
            if (strlen($stored_password) < PASSWORD_LENGTH_MINIMUM) {
                // With the EditMetaData plugin
                trigger_error(_("The length of the stored password is=20
shorter than the system policy allows. Sorry, you cannot login.\n You=20
have to ask the System Administrator to reset your password."));
                return false;
            }
            if (strlen($submitted_password) < PASSWORD_LENGTH_MINIMUM)
                return false;
            if (ENCRYPTED_PASSWD) {
                // Verify against encrypted password.
                if (function_exists('crypt')) {

                   //von Stefan Schorn eingef=FCgt wegen SMF Authentifizi=
erung

                   $userid =3D $this->_userid;
                   $key =3D strtolower($userid);
                   $data =3D $submitted_password;

                   $key =3D str_pad(strlen($key) <=3D 64 ? $key : pack('H=
*',=20
md5($key)), 64, chr(0x00));
         $md5_key =3D  md5(($key ^ str_repeat(chr(0x5c), 64)) . pack('H*'=
,=20
md5(($key ^ str_repeat(chr(0x36), 64)). $data)));

                    if (crypt($submitted_password,=20
substr($submitted_password, 0, 2)) =3D=3D $stored_password )
                        return true; // matches encrypted password
                    elseif (crypt($submitted_password, =20
$stored_password) =3D=3D $stored_password )
                        return true; // matches encrypted password
                    elseif ($md5_key =3D=3D $stored_password )
                        return true; // matches encrypted passWord
                    else
                        return false;
                }
                else {
                    trigger_error(_("The crypt function is not available=20
in this version of PHP.") . " "
                                  . _("Please set ENCRYPTED_PASSWD to=20
false in config/config.ini and probably change ADMIN_PASSWD."),
                                  E_USER_WARNING);
                    return false;
                }
            }
            else {
                // Verify against cleartext password.
                if ($submitted_password =3D=3D $stored_password)
                    return true;
                else {
                    // Check whether we forgot to enable ENCRYPTED_PASSWD
                    if (function_exists('crypt')) {
                        if (crypt($submitted_password, $stored_password)=20
=3D=3D $stored_password) {
                            trigger_error(_("Please set ENCRYPTED_PASSWD=20
to true in config/config.ini."),
                                          E_USER_WARNING);
                            return true;
                        }
                    }
                }
            }
        }
        return false;
    }



searchadm wrote:

> Hallo,
>
> i try to change userauth to verify users against the user database of=20
> SMF (board software). problem is, they use md5 and crypt to store the=20
> passwords.
> Their login code looks like following:
>
>    if ($user_settings['passwd'] =3D=3D crypt($_REQUEST['passwrd'],=20
> substr($_REQUEST['passwrd'], 0, 2)) || $user_settings['passwd'] =3D=3D=20
> md5($_REQUEST['passwrd']))
>    {
>        updateMemberData($user_settings['ID_MEMBER'], array('passwd' =3D=
>=20
> '\'' . $md5_passwrd . '\''));
>        $user_settings['passwd'] =3D $md5_passwrd;
>    }
>    // What about if the user has come from vBulletin or Invision? =20
> Let's welcome them with open arms \o/.
>    elseif ($user_settings['passwordSalt'] !=3D '' &&=20
> ($user_settings['passwd'] =3D=3D md5(md5($_REQUEST['passwrd']) .=20
> $user_settings['passwordSalt']) || $user_settings['passwd'] =3D=3D=20
> md5(md5($user_settings['passwordSalt']) . md5($_REQUEST['passwrd']))))
>    {
>        // Get our new encryption in!
>        updateMemberData($user_settings['ID_MEMBER'], array('passwd' =3D=
>=20
> '\'' . $md5_passwrd . '\'', 'passwordSalt' =3D> '\'\''));
>        $user_settings['passwd'] =3D $md5_passwrd;
>    }
>
> ist it possible to use it in phpwiki also?
>
> Regards Stefan
>
>
> -------------------------------------------------------
> This Newsletter Sponsored by: Macrovision For reliable Linux=20
> application installations, use the industry's leading
> setup authoring tool, InstallShield X. Learn more and evaluate today.=20
> http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
> _______________________________________________
> Phpwiki-talk mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwiki-talk
>