1
snouto
MD5 Help please
  • 2007/1/31 13:11

  • snouto

  • Just popping in

  • Posts: 3

  • Since: 2004/11/4


hello everybody in this forum.

in XOOPS CMS , it stores passwords in hash using MD5 hash , and when users login it converts the password into md5 and compare the hash retrieved from the database .

i don't want XOOPS to store passwords in hash using MD5 (this step i solved) but when i login it gives me incorrect login cause there is a piece of code (nowhere , i don't find it) that hashes the entered password during logging in and compare the unhashed one stored earlier in the database , i need to find the code that hashes the password during checking login .

Please help guys please.

2
vaughan
Re: MD5 Help please
  • 2007/1/31 13:32

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


why don't you want XOOPS to store md5 hashed passwords? if you don't mind me asking.

it's a security feature that protects users from unscrupulous webmasters going thru the db and seeing what passwords their users have, many users use the same password on many sites, including online banking.

do you expect us to tell you how to remove that small piece of protection for the unknowing public?

also please post the links to your sites where you are removing the md5 hash, so i can make a note not to register there..

3
iHackCode
Re: MD5 Help please

Which Version Of XooPS? (Might be important)

well for 2.0.15 (the only current version i had on my test machine).
i think this is it... modify the loginuser method.
file: kernel/member.php (some code from it. i like pasting in code.) --
[color=006600]       /**
     * log in a user
     * 
     * @param string $uname username as entered in the login form
     * @param string $pwd password entered in the login form
     * @return object XoopsUser reference to the logged in user. FALSE if failed to log in 
     */ 
[/color]
function &
loginUser($uname$pwd)
    {
        
$criteria = new CriteriaCompo(new Criteria('uname'$uname));
        
$criteria->add(new Criteria('pass', [color=CC3300md5($pwd)[/color]));
        
$user $this->_uHandler->getObjects($criteriafalse);
        if (!
$user || count($user) != 1) {
            
$user false;
            return 
$user;
        }
        return 
$user[0];
    }

.. enter .. disclaimer.. for me not being responsible for things messing up.. .. good luck.
CBB / LatestNews / Publisher / XM-Spotlight

(ノ◕ヮ◕)ノ*:・゚✧

4
iHackCode
Re: MD5 Help please

Quote:

vaughan wrote:
why don't you want XOOPS to store md5 hashed passwords? if you don't mind me asking.


i assumed that it was for testing. or maybe they are gonna use a different encryption method.
CBB / LatestNews / Publisher / XM-Spotlight

(ノ◕ヮ◕)ノ*:・゚✧

5
snouto
Re: MD5 Help please
  • 2007/1/31 15:26

  • snouto

  • Just popping in

  • Posts: 3

  • Since: 2004/11/4


Guys mercy on me.

i am developing a windows based project and i need to link that project to the database in XOOPS i tried to use md5 hash to compare passwords in my project but it seems that the encryption algorithm for the md5 class differs from that the php preprocessor use to hash passwords i got different hashes for the same password which that is impractically and not found in theories also .

So any suggestion.

Login

Who's Online

328 user(s) are online (231 user(s) are browsing Support Forums)


Members: 0


Guests: 328


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits