Menu
▾
▴
phpwiki-talk
|
From: searchadm <sea...@go...> - 2004-10-28 15:26:26
|
Hallo,
i try to change userauth to verify users against the user database of
SMF (board software). problem is, they use md5 and crypt to store the
passwords.
Their login code looks like following:
if ($user_settings['passwd'] == crypt($_REQUEST['passwrd'],
substr($_REQUEST['passwrd'], 0, 2)) || $user_settings['passwd'] ==
md5($_REQUEST['passwrd']))
{
updateMemberData($user_settings['ID_MEMBER'], array('passwd' =>
'\'' . $md5_passwrd . '\''));
$user_settings['passwd'] = $md5_passwrd;
}
// What about if the user has come from vBulletin or Invision?
Let's welcome them with open arms \o/.
elseif ($user_settings['passwordSalt'] != '' &&
($user_settings['passwd'] == md5(md5($_REQUEST['passwrd']) .
$user_settings['passwordSalt']) || $user_settings['passwd'] ==
md5(md5($user_settings['passwordSalt']) . md5($_REQUEST['passwrd']))))
{
// Get our new encryption in!
updateMemberData($user_settings['ID_MEMBER'], array('passwd' =>
'\'' . $md5_passwrd . '\'', 'passwordSalt' => '\'\''));
$user_settings['passwd'] = $md5_passwrd;
}
ist it possible to use it in phpwiki also?
Regards Stefan
|
|
From: searchadm <sea...@go...> - 2004-10-29 15:58:30
|
I changed the code at the end of this mail in WikiUserNew.php and it=20
works fine for me and my problem....
one problem is still alive but its no problem of my changed code i=20
think. when i log in as user and use Microsoft Browser the Login keeps=20
beeing alive all the session.
When i use the newest Firefox and Mozilla and i switch from one page to=20
the other inside the wiki the Login is lost and i have to reauth.
Is there any idea how to fix it??
By the way the memory problem seems to be fxeded so i can use the new=20
nightly build in production. Gratulation :-)
Regards Stefan
=3D=3D=3D=3D
Here is the code i changed
function _checkPass($submitted_password, $stored_password) {
if(!empty($submitted_password)) {
//FIXME: This will work only on plaintext passwords.
if (strlen($stored_password) < PASSWORD_LENGTH_MINIMUM) {
// With the EditMetaData plugin
trigger_error(_("The length of the stored password is=20
shorter than the system policy allows. Sorry, you cannot login.\n You=20
have to ask the System Administrator to reset your password."));
return false;
}
if (strlen($submitted_password) < PASSWORD_LENGTH_MINIMUM)
return false;
if (ENCRYPTED_PASSWD) {
// Verify against encrypted password.
if (function_exists('crypt')) {
//von Stefan Schorn eingef=FCgt wegen SMF Authentifizi=
erung
$userid =3D $this->_userid;
$key =3D strtolower($userid);
$data =3D $submitted_password;
$key =3D str_pad(strlen($key) <=3D 64 ? $key : pack('H=
*',=20
md5($key)), 64, chr(0x00));
$md5_key =3D md5(($key ^ str_repeat(chr(0x5c), 64)) . pack('H*'=
,=20
md5(($key ^ str_repeat(chr(0x36), 64)). $data)));
if (crypt($submitted_password,=20
substr($submitted_password, 0, 2)) =3D=3D $stored_password )
return true; // matches encrypted password
elseif (crypt($submitted_password, =20
$stored_password) =3D=3D $stored_password )
return true; // matches encrypted password
elseif ($md5_key =3D=3D $stored_password )
return true; // matches encrypted passWord
else
return false;
}
else {
trigger_error(_("The crypt function is not available=20
in this version of PHP.") . " "
. _("Please set ENCRYPTED_PASSWD to=20
false in config/config.ini and probably change ADMIN_PASSWD."),
E_USER_WARNING);
return false;
}
}
else {
// Verify against cleartext password.
if ($submitted_password =3D=3D $stored_password)
return true;
else {
// Check whether we forgot to enable ENCRYPTED_PASSWD
if (function_exists('crypt')) {
if (crypt($submitted_password, $stored_password)=20
=3D=3D $stored_password) {
trigger_error(_("Please set ENCRYPTED_PASSWD=20
to true in config/config.ini."),
E_USER_WARNING);
return true;
}
}
}
}
}
return false;
}
searchadm wrote:
> Hallo,
>
> i try to change userauth to verify users against the user database of=20
> SMF (board software). problem is, they use md5 and crypt to store the=20
> passwords.
> Their login code looks like following:
>
> if ($user_settings['passwd'] =3D=3D crypt($_REQUEST['passwrd'],=20
> substr($_REQUEST['passwrd'], 0, 2)) || $user_settings['passwd'] =3D=3D=20
> md5($_REQUEST['passwrd']))
> {
> updateMemberData($user_settings['ID_MEMBER'], array('passwd' =3D=
>=20
> '\'' . $md5_passwrd . '\''));
> $user_settings['passwd'] =3D $md5_passwrd;
> }
> // What about if the user has come from vBulletin or Invision? =20
> Let's welcome them with open arms \o/.
> elseif ($user_settings['passwordSalt'] !=3D '' &&=20
> ($user_settings['passwd'] =3D=3D md5(md5($_REQUEST['passwrd']) .=20
> $user_settings['passwordSalt']) || $user_settings['passwd'] =3D=3D=20
> md5(md5($user_settings['passwordSalt']) . md5($_REQUEST['passwrd']))))
> {
> // Get our new encryption in!
> updateMemberData($user_settings['ID_MEMBER'], array('passwd' =3D=
>=20
> '\'' . $md5_passwrd . '\'', 'passwordSalt' =3D> '\'\''));
> $user_settings['passwd'] =3D $md5_passwrd;
> }
>
> ist it possible to use it in phpwiki also?
>
> Regards Stefan
>
>
> -------------------------------------------------------
> This Newsletter Sponsored by: Macrovision For reliable Linux=20
> application installations, use the industry's leading
> setup authoring tool, InstallShield X. Learn more and evaluate today.=20
> http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
> _______________________________________________
> Phpwiki-talk mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwiki-talk
>
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X