• Cereal
  • Senior Member
  • Offline
  • From: Belgium
  • Registered: 2006-06-05
  • Posts: 123

Topic: sha1 hash to crypt hash

hi,

what should be changed to switch from a sha1 hash to simple crypt hashes?

i checnged the cookie_login and the login.php to compare against crypt hashes, now i can login, but there is something wrong with the cookie, anyone sho can give some help what else needs to be changed?

or even better how i could do this with an extension ....

~Cereal
I've finally learned what "upward compatible" means. It means we get to keep all our old mistakes.
The limits of language are the limits of one's world.

Cereal's Website

2 Reply by Cereal (edited by Cereal 2009-01-05 20:17)

  • Cereal
  • Senior Member
  • Offline
  • From: Belgium
  • Registered: 2006-06-05
  • Posts: 123

Re: sha1 hash to crypt hash

i already added the folowing hook for the plugin:

                <hook id="li_login_pre_auth_message"><![CDATA[
                        if ( $db_password_hash == crypt($form_password, $db_password_hash) )
                                $authorized = true;
                ]]></hook>

and the forum_hash hook to create a crypt instead of a sha: fn_forum_hash_start


but now i have to fix up authenticate_user and the cookie values, any ideas on what i should change?

~Cereal
I've finally learned what "upward compatible" means. It means we get to keep all our old mistakes.
The limits of language are the limits of one's world.

Cereal's Website

  • User33
  • PunBB senior member
  • Offline
  • Registered: 2008-02-03
  • Posts: 875

Re: sha1 hash to crypt hash

Line 1176, perhaps.

(!$password_is_hash && forum_hash($password, $forum_user['salt']) != $forum_user['password']))
  • Cereal
  • Senior Member
  • Offline
  • From: Belgium
  • Registered: 2006-06-05
  • Posts: 123

Re: sha1 hash to crypt hash

yeah i changed the forum_hash function and the login.php (with a hook) but still the cookie is giving errors ...

~Cereal
I've finally learned what "upward compatible" means. It means we get to keep all our old mistakes.
The limits of language are the limits of one's world.

Cereal's Website

  • Cereal
  • Senior Member
  • Offline
  • From: Belgium
  • Registered: 2006-06-05
  • Posts: 123

Re: sha1 hash to crypt hash

to be exact:

1- login successfull
2- i get the folowing message

You appear to have logged in successfully, however a cookie has not been set. Please check your settings and if applicable, enable cookies for this website.

~Cereal
I've finally learned what "upward compatible" means. It means we get to keep all our old mistakes.
The limits of language are the limits of one's world.

Cereal's Website

  • Cereal
  • Senior Member
  • Offline
  • From: Belgium
  • Registered: 2006-06-05
  • Posts: 123

Re: sha1 hash to crypt hash

i found the 2 trouble pars in the code

in cookie_login

                // We now validate the cookie hash
                #if ($cookie['expire_hash'] !== sha1($forum_user['salt'].$forum_user['password'].forum_hash(intval($cookie['expiration_time']), $forum_user['salt'])))
                #       set_default_user();

in authenticate_user

if (!isset($forum_user['id']) ||
               ($password_is_hash && $password != $forum_user['password']) ||
               (!$password_is_hash && forum_hash($password, $forum_user['salt']) != $forum_user['password']))
               set_default_user();

but no hooks around it to fix this .... any ideas on otehr hooks?

~Cereal
I've finally learned what "upward compatible" means. It means we get to keep all our old mistakes.
The limits of language are the limits of one's world.

Cereal's Website

  • User33
  • PunBB senior member
  • Offline
  • Registered: 2008-02-03
  • Posts: 875

Re: sha1 hash to crypt hash

The way I see it, there's only one way to do it: use the 'fn_cookie_login_start' hook and copy the whole function to your extension and change it the way you want, then use 'return true' so the function doesn't repeat.

  • Cereal
  • Senior Member
  • Offline
  • From: Belgium
  • Registered: 2006-06-05
  • Posts: 123

Re: sha1 hash to crypt hash

well going to see if i can write a simplepage so users can login with there old pass, and set a new pass for punbb using the forum_hash function ....

it will be much easyer, since i already ahve an authentication system that uses crypt hashes

~Cereal
I've finally learned what "upward compatible" means. It means we get to keep all our old mistakes.
The limits of language are the limits of one's world.

Cereal's Website