2015-06-11, 05:14 AM
2015-06-11, 05:16 AM
(2015-06-11, 05:14 AM)mikeorman Wrote: [ -> ]Then change that code. Make sure to remove it for both the new password and the old password confirmation.
I have changed the code. I am looking for one part of the code that is not in the obvious place.
I understand that you're trying to help and I'm grateful for it, but you're really not helping at all.
2015-06-11, 05:30 AM
check in ~/inc/functions_user.php file
2015-06-11, 05:31 AM
(2015-06-11, 05:30 AM).m. Wrote: [ -> ]check in ~/inc/functions_user.php file
My apologies, but I already have.
EDIT: The salt_password function is the only place that still uses md5, and it (should be) only called whenever the user logs in with a md5 password in the database.
EDIT2: just did a grep for salt_password, it's only used in these three locations:
./inc/datahandlers/login.php
./inc/functions_user.php
./inc/plugins/loginconvert.php
all of which are related to logging in.
Just thought that I'd clarify that these features are not effected by the random md5:
>reset password
>login
>register
>password validation when changing settings
The only thing effected is; when the user changes their password via the usercp, the password is still hashed as md5 and stored in the database, with no visible trace of where the md5 is coming from.
2015-06-11, 01:07 PM
At this point im 99% sure that your problem lays in the old password confirmation. but since you want to be a condescending raisin ill let someone else help ya.
good day.
good day.
2015-06-11, 01:10 PM
With these changes made to the core only, the final query includes the bcrypt output in the password field.
2015-06-11, 02:03 PM
(2015-06-11, 01:10 PM)Devilshakerz Wrote: [ -> ]With these changes made to the core only, the final query includes the bcrypt output in the password field.
Which is what I intended. The problem is that somewhere after the changes, the bcrypt hash is wrapped in md5 and does not work at all.
(2015-06-11, 01:07 PM)mikeorman Wrote: [ -> ]At this point im 99% sure that your problem lays in the old password confirmation. but since you want to be a condescending raisin ill let someone else help ya.
good day.
I've tried to remain polite replying to your posts, but you insist on suggesting things that are in no way related to my issue.
I'm sorry if you find me condescending, but you're not helping at all.
Just to re-clarify; the old password validates successfully and the password change returns as a "success".
2015-06-11, 02:19 PM
(2015-06-11, 04:48 AM)cronhound Wrote: [ -> ]Basically, I'm looking for the random md5 that gets used when the user updates their password, from what I can tell, the password is changed through the "user" datahandler.
md5 is a regular php function.
2015-06-11, 02:21 PM
So is the hash reverted/set to some md5 hash in the database after the bcrypt UPDATE query is executed?
2015-06-11, 02:22 PM
(2015-06-11, 02:19 PM)Ad Bakker Wrote: [ -> ](2015-06-11, 04:48 AM)cronhound Wrote: [ -> ]Basically, I'm looking for the random md5 that gets used when the user updates their password, from what I can tell, the password is changed through the "user" datahandler.
mdg is a regular php function.
I am aware that md5 is a regular php function.
I am asking where the function is used.
I have a slight suspicion as to what the problem is, I'll check and edit this post with the results.
EDIT: I was incorrect with my suspicion.