MyBB Community Forums

Full Version: Question about - MyBB File Verification
Easiest would probably be to make the MyBB file verification itself print out the md5 it's testing against. Then you wouldn't need another software to calculate MD5 for you.

Just looking at the code - why the heck is verify_files() in inc/functions.php when it's only used in the Admin CP? Nobody knows... oh well.

ANYWAY

in inc/functions.php

    // Does it match any of our hashes (unix/windows new lines taken into consideration with the hashes)
    if(!in_array($md5, $checksums[$file_path]))
    {
        $bad_verify_files[] = array("status" => "changed", "path" => $file_path);
    }

replace

    // Does it match any of our hashes (unix/windows new lines taken into consideration with the hashes)
    if(!in_array($md5, $checksums[$file_path]))
    {
        $bad_verify_files[] = array("status" => "changed: {$md5}", "path" => $file_path);
    }

This way it will print the new checksum directly in the admin cp file verification tool
(2011-01-05, 07:24 PM)Gary Bolton Wrote: [ -> ]I think the program I'm using, which worked OK for vBulletin MD5s, is not doing so with MyBB MD5s. I just tried doing it two ways then. First I removed 4 mentions of the file: /global.php

2ce4bdaf0850302cd05f3422507c9983 ./global.php
1495a3bacb531902dac41dbcc87a9fd5 ./global.php
2ce4bdaf0850302cd05f3422507c9983 ./global.php
007a5a4fc6794e0665dd5518110999b4 ./global.php

Putting this there instead: (new MD5 got using the program Traders Little Helper)

53885eada92708750939731d3ddb8beb ./global.php
53885eada92708750939731d3ddb8beb ./global.php
53885eada92708750939731d3ddb8beb ./global.php
53885eada92708750939731d3ddb8beb ./global.php

What program will get the correct MD5s to work with for MyBB?

When I do this:

<?php
echo md5_file("/Applications/XAMPP/xamppfiles/htdocs/mybb/mybb_16x_plugins/global.php");
echo "\n";
echo md5(file_get_contents("/Applications/XAMPP/xamppfiles/htdocs/mybb/mybb_16x_plugins/global.php"));
?>

I get this for both: 2ce4bdaf0850302cd05f3422507c9983

Which is the same as in the default checksum file. Not really sure how many ways there are to get the MD5 of the contents of a file, these two ways are what I've always used.
(2011-01-05, 07:37 PM)frostschutz Wrote: [ -> ]Easiest would probably be to make the MyBB file verification itself print out the md5 it's testing against. Then you wouldn't need another software to calculate MD5 for you.

Just looking at the code - why the heck is verify_files() in inc/functions.php when it's only used in the Admin CP? Nobody knows... oh well.

ANYWAY

in inc/functions.php

    // Does it match any of our hashes (unix/windows new lines taken into consideration with the hashes)
    if(!in_array($md5, $checksums[$file_path]))
    {
        $bad_verify_files[] = array("status" => "changed", "path" => $file_path);
    }

replace

    // Does it match any of our hashes (unix/windows new lines taken into consideration with the hashes)
    if(!in_array($md5, $checksums[$file_path]))
    {
        $bad_verify_files[] = array("status" => "changed: {$md5}", "path" => $file_path);
    }

This way it will print the new checksum directly in the admin cp file verification tool


That worked just perfect for me. I just looked at the MD5 printed in the setting and copied that instead to the release_mybb_1601.txt file.

Now it's been accepted OK, no problem. It was also a different MD5 given from the one I was shown using two different MD5 programs now to check the global.php file.

Cheers on that one, works spot on and makes it very easy to get the MD5 direct from the admin cp

This was the new MD5 given using two programs, both showed the same result.

53885eada92708750939731d3ddb8beb ./global.php

Your way, edited the functions.php file. Showed this instead (which has been OK'd)

fdf8463351438e4642e3beeae3594511 ./global.php
This troubles me enough to warrant further discussion. Why would the MD5 generated by myBB be different than the MD5 generated by anything else?

Regardless of that answer, the OP is totally on to something here even if no one wishes to think a bit deeper on the security subject.
1.) Placing a local copy of the 1801.txt file is imperfect due to the need to manually update it, and if a server is compromised there is doubt you can trust it.
2.) Whether a file is green (ok) or red (changed) doesn't give you a baseline.

To the point the OP and then everyone else chimed in on, knowing the file changed is "nice" but since we all customize our variants, the OK/CHANGED doesn't get you very far. The bb code has the ability to retrieve updated template/build files (none have been available for me since I installed, so I don't know how this is handled when there are updates), but the logic here seems to me that if a file is "changed" from an MD5 stored on the myBB server, offer an option to show a diff comparison string. Then the admin can literally "SEE" the change.

Furthermore, for ease of access and if a change is to be made, perhaps store the delta diffs in a table as an inline patch file. Then (assuming security being compromised is partially excluded), allow the admin to "CHECK IN" the change, which will A.) turn it green OK, and B.) store the delta patch file in the db for later retrieval.

It would afford the admin the opportunity to accept updated files from MYBB team without compromising their customizations, and it would allow them the assurance of peace of mind & history of modifications if needed for further review.
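
Added example (not part of the thread and not MyBB code): a stand-alone Python check that reads a manifest in the `md5 ./path` form quoted above, accepts any of several digests per path as the `in_array()` test does, returns the computed digest with the status, and separates a line-ending-only difference from a content change. The function names, status strings and sample file are constructed for illustration; line-ending conversion is shown as one possible cause of differing digests, not as a diagnosis of the case in this thread.

```python
import hashlib
from collections import defaultdict

# Constructed sample file and manifest (not MyBB's real global.php or hashes).
SAMPLE_LF = b"<?php\n// constructed sample\necho 'hello';\n"
MANIFEST = hashlib.md5(SAMPLE_LF).hexdigest() + " ./global.php\n"

def parse_manifest(text):
    """Map each path to the set of accepted digests ('<md5> <path>' per line)."""
    accepted = defaultdict(set)
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 32:
            accepted[parts[1].strip()].add(parts[0].lower())
    return dict(accepted)

def newline_variants(data):
    """The same content with LF-only and with CRLF-only line endings."""
    lf = data.replace(b"\r\n", b"\n")
    return {"lf": lf, "crlf": lf.replace(b"\n", b"\r\n")}

def verify(path, data, accepted):
    """Return (status, md5 of the bytes as stored) for one file."""
    raw = hashlib.md5(data).hexdigest()
    if path not in accepted:
        return ("unlisted", raw)              # e.g. a plugin file
    if raw in accepted[path]:
        return ("ok", raw)
    for kind, variant in newline_variants(data).items():
        # Matches only after converting line endings to `kind`: text is unchanged.
        if hashlib.md5(variant).hexdigest() in accepted[path]:
            return ("newline-only:" + kind, raw)
    return ("changed", raw)

def demo():
    accepted = parse_manifest(MANIFEST)
    copies = {
        "as released": SAMPLE_LF,
        "CRLF copy": SAMPLE_LF.replace(b"\n", b"\r\n"),
        "edited": SAMPLE_LF + b"// local customisation\n",
    }
    return {name: verify("./global.php", data, accepted) for name, data in copies.items()}

if __name__ == "__main__":
    for name, (status, digest) in demo().items():
        print(f"{name:12} {status:16} {digest}")
```

Run it from a workstation against a manifest obtained separately from the server, since a manifest stored on a compromised host cannot vouch for that host's files.
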
(2015-09-01, 11:14 PM)noybman Wrote: [ -> ]It would afford the admin the opportunity to accept updated files from MYBB team without compromising their customizations

Can't help with your verification issue, but for keeping code changes, there is my Patches plugin...