MyBB Community Forums

Full Version: Duplicate code or magic? (ninja md5 somewhere)
Pages: 1 2 3
Basically, I'm looking for the random md5 that gets used when the user updates their password. From what I can tell, the password is changed through the "user" datahandler.

I've searched my entire modified file, yet I cannot find the md5 that still seems to magically wrap itself around $user['saltedpw'].

A grep for md5( has returned no obvious answers.

Changing the password via the usercp is the only thing affected by the magical md5.

TL;DR: The password stored in the database is MD5 when it should be bcrypt.

EDIT: this was a pebkac error. I cry every time.
I don't understand your question.
//return a bcrypt hash
include_once(dirname(__FILE__)."/bcrypt/bcrypt.php");
$hasher = new BcryptHasher;
$user['saltedpw'] = $hasher->make($user['password']);

Perhaps?
(2015-06-11, 04:52 AM)mikeorman Wrote: I don't understand your question.

It's a question that the MyBB developers should understand or someone that knows the MyBB core well.

(2015-06-11, 04:53 AM)Akay Wrote:
//return a bcrypt hash
include_once(dirname(__FILE__)."/bcrypt/bcrypt.php");
$hasher = new BcryptHasher;
$user['saltedpw'] = $hasher->make($user['password']);

Perhaps?

No, there's nothing to do with md5 in that snippet of code.

The md5 happens later and wraps around that bcrypt hash.
(2015-06-11, 04:59 AM)mikeorman Wrote: Maybe this will help you http://community.mybb.com/thread-75972.html


I'm sorry, but it did not. Thanks anyway.
Maybe if you could be a little more specific of what you're looking for or why I could be of more use to you.
(2015-06-11, 05:03 AM)mikeorman Wrote: Maybe if you could be a little more specific of what you're looking for or why I could be of more use to you.

Like I said, my question is understandable to the people that would know the answer.

But here is my question in an easier to understand format anyway:
My forum has been modified to use bcrypt instead of the default md5. Every single feature related to the password works, apart from this one.

The password gets hashed as bcrypt, but before it is stored in the database, there is an unknown md5() being applied to the $user['saltedpw'] variable.

I have searched for this md5( by performing a grep (a search feature on Unix-based operating systems) and have not gotten any obvious results.

I am asking where the md5 related to the change password (via the usercp) feature is called.
Can't you just edit the registration code to remove this?
(2015-06-11, 05:11 AM)mikeorman Wrote: Can't you just edit the registration code to remove this?

The problem is not with the registration code, the problem is with the change password via the usercp feature.
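
The symptom described in this thread (a bcrypt hash that ends up stored as MD5) can be confirmed from the stored value alone. The following is an added example, not part of the thread or of MyBB's code: it uses PHP's built-in password_hash()/password_verify() in place of the BcryptHasher class from the posted snippet, and classify_stored_hash() and the sample password are assumptions made for illustration.

```php
<?php
// Added example, not MyBB code. classify_stored_hash() is a hypothetical helper.

function classify_stored_hash($stored)
{
    // bcrypt in modular crypt format: $2a$/$2b$/$2x$/$2y$, a two-digit cost,
    // then 53 characters of salt + digest (60 characters in total).
    if (preg_match('/^\$2[abxy]\$\d{2}\$[.\/A-Za-z0-9]{53}$/', $stored)) {
        return 'bcrypt';
    }
    // md5() returns 32 lowercase hexadecimal characters.
    if (preg_match('/^[a-f0-9]{32}$/', $stored)) {
        return 'md5-hex';
    }
    return 'unknown';
}

// Constructed sample values (not taken from any real forum database).
$password = 'correct horse battery staple';
$bcrypt   = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
$wrapped  = md5($bcrypt); // the symptom: an md5() applied after bcrypt

$samples = array('expected' => $bcrypt, 'observed' => $wrapped);
foreach ($samples as $label => $stored) {
    // password_verify() needs the cost and salt embedded in the bcrypt string.
    // Once the string has been passed through md5() that data is gone, so the
    // wrapped value can never verify, even with the correct password.
    printf(
        "%-8s format=%-8s verifies=%s\n",
        $label,
        classify_stored_hash($stored),
        var_export(password_verify($password, $stored), true)
    );
}

// If the intermediate bcrypt string can be logged during debugging, this
// confirms that the stored value is exactly md5(bcrypt) and not another hash.
var_dump(hash_equals(md5($bcrypt), $wrapped));
```

Running the same classification over the stored password column after a usercp password change shows whether the row was written by the bcrypt path or by an MD5 path.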