(2015-01-28, 01:34 PM)dragonexpert Wrote: [ -> ]I think what would be the most ideal, although probably won't be implemented, is giving an admin a list of options for hashing method.
most people who run starting up forums are idiots who probably don't even know the difference between which is better
i would just leave it how it is
(2015-01-28, 01:34 PM)dragonexpert Wrote: [ -> ]I think what would be the most ideal, although probably won't be implemented, is giving an admin a list of options for hashing method.
What about allowing plugins easy access (hooks) to the salting
(2015-01-28, 03:34 PM)Rakes Wrote: [ -> ] (2015-01-28, 01:34 PM)dragonexpert Wrote: [ -> ]I think what would be the most ideal, although probably won't be implemented, is giving an admin a list of options for hashing method.
What about allowing plugins easy access (hooks) to the salting
I'd definitely like to see hooks whenever hashing or checking passwords. The rest of the team has to agree though. I was all for bumping the requirements up to PHP 5.3 and using password_compat/password_hash() with BCrypt as the default password hashing mechanism. Unfortunately it was decided that we should stay supporting PHP 5.2.
(2015-01-28, 04:05 PM)Euan T Wrote: [ -> ] (2015-01-28, 03:34 PM)Rakes Wrote: [ -> ] (2015-01-28, 01:34 PM)dragonexpert Wrote: [ -> ]I think what would be the most ideal, although probably won't be implemented, is giving an admin a list of options for hashing method.
What about allowing plugins easy access (hooks) to the salting
I'd definitely like to see hooks whenever hashing or checking passwords. The rest of the team has to agree though. I was all for bumping the requirements up to PHP 5.3 and using password_compat/password_hash() with BCrypt as the default password hashing mechanism. Unfortunately it was decided that we should stay supporting PHP 5.2.
Why not "backsupport"? I've never gotten why some devs thinks it's worth like "ruining" it for people who doesn't use ancient versions, like... 5.2 came out almost 10 years ago. And most libraries around only support the minimum of 5.3.
I'm not sure what you mean by "backsupport". The next chance we'll get to bump version requirements will be 2.0, and the minimum (as it stands right now) will be PHP 5.4 for that. Unfortunately the team decided 1.8 should run anywhere 1.6 did, which is also why my proposal of allowing Closures when hooking in plugins was rejected.
Backward compatible; using the old style for the older ones. (Just got back from work so I'm a bit tired)
Yea I've been looking at just making my own software as I don't really feel the vibe from MyBB anymore due to the way it's being developed at the moment; and yes I've been watching it for years.
(2015-01-28, 04:36 PM)Rakes Wrote: [ -> ]Backward compatible; using the old style for the older ones.
That's simply not possible, imagine someone switches back to PHP 5.2 (which is supported) and all passwords are gone. Shared hosting environments are known for using "ancient" PHP versions.
I wish we could use BCrypt, but PHP >=5.3.7 is a pretty high requirement.
It's not really Stefan. 5.3 reached End of Life 5 months ago, 5.2 reached End of Life 4
years ago.
http://php.net/eol.php
If your host doesn't offer 5.3 as a minimum and you're paying them, they're ripping you off. Heck, I'd expect 5.4 as a minimum. It's like buying a PC and finding it's running Windows ME...
@Euan: You don't have to tell me.
According to the installation statistics we have over 10% of users with PHP 5.2 that's even more than PHP 5.5 users. Anyway it's too late to change the requirements...
(2015-01-28, 05:04 PM)Euan T Wrote: [ -> ]If your host doesn't offer 5.3 as a minimum and you're paying them, they're ripping you off. Heck, I'd expect 5.4 as a minimum. It's like buying a PC and finding it's running Windows ME...
Some customers want to use the newest PHP features, other want support for their old PHP scripts that don't work with new PHP versions. There are hosts that let the customer select the preferred PHP version others unfortunately just stick to PHP 5.2.
