Genoa 0.6.24 users.profile.inc.php password update problem

MecTruy	#1 2012-10-10 07:45
Members Thanked: 10 times	Genoa 0.6.24 system/core/users/users.profile.inc.php password update problem, if you want change your password, you can't because users.profile.inc.php have a problem ! so we know cotonti password system changed with sha256 salt. but users.profile.inc.php just using md5 Crypt system, i did fix this. i did share fix codes, but Trustmaster must be control my codes, its working but maybe i did little wrong :) fix code: http://www.cotonti.com/pastebin/196 Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...
This post was edited by MecTruy (2012-10-10 13:30, 11 years ago)

MecTruy

#1 2012-10-10 07:45

Genoa 0.6.24 system/core/users/users.profile.inc.php password update problem, if you want change your password, you can't because users.profile.inc.php have a problem ! so we know cotonti password system changed with sha256 salt. but users.profile.inc.php just using md5 Crypt system, i did fix this. i did share fix codes, but Trustmaster must be control my codes, its working but maybe i did little wrong :)

fix code: http://www.cotonti.com/pastebin/196

Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...

This post was edited by MecTruy (2012-10-10 13:30, 11 years ago)

pieter	#2 2012-10-10 09:57
Team Thanked: 9 times	Please use pastbin to put in a lot of code: http://www.cotonti.com/pastebin/ ... can we help you ...

Trustmaster	#3 2012-10-10 18:33
Administrators Thanked: 263 times	Can anybody confirm the problem? I've just tested on a Genoa 0.6.24 instance and I was able to update the old md5 password to a new sha256 in profile. May the Source be with you!

MecTruy	#4 2012-10-15 10:47
Members Thanked: 10 times	Trustmaster, have a problem you can control $roldpass = md5($roldpass); look this where is sha256 salt ? old account always must use md5 passwords. Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...

Trustmaster	#5 2012-10-15 17:14
Administrators Thanked: 263 times	Old accounts use md5() hashes, this is default behavior. They are only updated to sha256 when they change password in profile. You don't need to use md5() function in profile because it is used by sed_hash() if current user_hashfunc value is md5 (which is so for existing users). If there are problems with that, then patch-0.6.23-0.6.24.sql is not applied correctly on your database. May the Source be with you!

Trustmaster

#5 2012-10-15 17:14

Administrators
Thanked: 263 times

Old accounts use md5() hashes, this is default behavior. They are only updated to sha256 when they change password in profile. You don't need to use md5() function in profile because it is used by sed_hash() if current user_hashfunc value is md5 (which is so for existing users). If there are problems with that, then patch-0.6.23-0.6.24.sql is not applied correctly on your database.

May the Source be with you!

MecTruy	#6 2012-10-16 07:31
Members Thanked: 10 times	i understand now, it means who is using md5 password they will stay always with this hash only new member will use sha256, but with my code when time you will update your password change with sha256 :) http://www.cotonti.com/pastebin/196 Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...

Trustmaster	#7 2012-10-16 11:42
Administrators Thanked: 263 times	but with my code when time you will update your password change with sha256 :) Same is done in 0.6.24 by default. So you have done the same in your code that it already does :) But thanks for your effort to help! May the Source be with you!