#379 chance_sqlpass plugin: Fix md5sum() generated passwords

closed-fixed
None
5
2005-12-07
2005-11-29
j5redix
No

Description: chance_sqlpass does not include md5crypt
function correctly into functions.php file, it also
doesnt generate md5crypt passwords correcty.

The md5crypt.php patch was retrieved from postfixadmin
package.

Discussion

  • Thijs Kinkhorst

    Thijs Kinkhorst - 2005-12-02

    Logged In: YES
    user_id=285765

    Thanks for the patch, but just replacing one implementation
    with another doesn't seem a guarrantee that bugs are fixed.
    What bug is in the original code?

    BTW, I'm no expert on this plugin, but aren't there php
    builtin functions we can use for this?

     
  • Tomas Kuliavas

    Tomas Kuliavas - 2005-12-04

    Logged In: YES
    user_id=225877

    kink: md5() function does not provide md5crypt support. You
    can use crypt() function with appropriate salt, but it will
    depend on system crypt libraries. MD5 crypt is supported in
    glibc2 and BSD libraries. I can check if it is supported in
    WinXP IIS 5.1 + PHP 5.0.4 tomorrow.

    j5redix:
    create_salt() function is not needed. Use
    GenerateRandomString() function available in any
    SquirrelMail version.

    don't use hex2bin() function. name is too generic and it is
    already used by mail_fetch plugin. Original plugin code
    renamed function name in order to fix function name conflict.

    your patch globalizes two variables, that are used only in
    one place. Original plugin code is better, because it sets
    variables inside functions.

    Don't strip author's information. Code is not yours. It is
    copyrighted.

    Please create patch that shows changes made in this library.
    It is hard to see changed lines when most of changes are
    only in whitespace or formating. diff -uw

    P.S. Change SQL Password plugin can't use md5crypt.php file
    without copyright clarification by library developer.

     
  • Tomas Kuliavas

    Tomas Kuliavas - 2005-12-04
    • assigned_to: nobody --> pdontthink
     
  • j5redix

    j5redix - 2005-12-06

    Logged In: YES
    user_id=1272492

    Hi,

    I'll be very quick on my reply;

    - I agree with all the things you said.
    - Removing the copyrighted information was just a error
    creating the patch (sorry about that), i've just submitted
    this patch to help users who's getting this kind of problem,
    its not a final patch.

    Best regards

     
  • Tomas Kuliavas

    Tomas Kuliavas - 2005-12-06

    Logged In: YES
    user_id=225877

    WinXP Pro IIS 5.1, PHP 5.0.4 and 5.1.1 crypt() support:

    CRYPT_STD_DES - int(1)
    CRYPT_EXT_DES - int(0)
    CRYPT_MD5 - int(1)
    CRYPT_BLOWFISH - int(0)

     
  • Paul Lesniewski

    Paul Lesniewski - 2005-12-07
    • status: open --> closed-fixed
     
  • Paul Lesniewski

    Paul Lesniewski - 2005-12-07

    Logged In: YES
    user_id=508228

    Please don't submit patches w/out contacting plugin author
    or posting on plugins mailing list as stated in README.
    Plugin devel code already fixes include error. Release on
    SM site is pending; if you want advanced copy email plugin
    author directly.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks