Genoa 0.6.24 users.profile.inc.php password update problem

MecTruy	#1 10. Oktober 2012, 07:45
Members Thanked: 10 mal	Genoa 0.6.24 system/core/users/users.profile.inc.php password update problem, if you want change your password, you can't because users.profile.inc.php have a problem ! so we know cotonti password system changed with sha256 salt. but users.profile.inc.php just using md5 Crypt system, i did fix this. i did share fix codes, but Trustmaster must be control my codes, its working but maybe i did little wrong :) fix code: http://www.cotonti.com/pastebin/196 Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...
Dieser Beitrag wurde von MecTruy (am 10. Oktober 2012, 13:30, vor 11 Jahre) bearbeitet

MecTruy

#1 10. Oktober 2012, 07:45

Genoa 0.6.24 system/core/users/users.profile.inc.php password update problem, if you want change your password, you can't because users.profile.inc.php have a problem ! so we know cotonti password system changed with sha256 salt. but users.profile.inc.php just using md5 Crypt system, i did fix this. i did share fix codes, but Trustmaster must be control my codes, its working but maybe i did little wrong :)

fix code: http://www.cotonti.com/pastebin/196

Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...

Dieser Beitrag wurde von MecTruy (am 10. Oktober 2012, 13:30, vor 11 Jahre) bearbeitet

pieter	#2 10. Oktober 2012, 09:57
Team Thanked: 9 mal	Please use pastbin to put in a lot of code: http://www.cotonti.com/pastebin/ ... can we help you ...

Trustmaster	#3 10. Oktober 2012, 18:33
Administrators Thanked: 263 mal	Can anybody confirm the problem? I've just tested on a Genoa 0.6.24 instance and I was able to update the old md5 password to a new sha256 in profile. May the Source be with you!

MecTruy	#4 15. Oktober 2012, 10:47
Members Thanked: 10 mal	Trustmaster, have a problem you can control $roldpass = md5($roldpass); look this where is sha256 salt ? old account always must use md5 passwords. Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...

Trustmaster	#5 15. Oktober 2012, 17:14
Administrators Thanked: 263 mal	Old accounts use md5() hashes, this is default behavior. They are only updated to sha256 when they change password in profile. You don't need to use md5() function in profile because it is used by sed_hash() if current user_hashfunc value is md5 (which is so for existing users). If there are problems with that, then patch-0.6.23-0.6.24.sql is not applied correctly on your database. May the Source be with you!

Trustmaster

#5 15. Oktober 2012, 17:14

Administrators
Thanked: 263 mal

Old accounts use md5() hashes, this is default behavior. They are only updated to sha256 when they change password in profile. You don't need to use md5() function in profile because it is used by sed_hash() if current user_hashfunc value is md5 (which is so for existing users). If there are problems with that, then patch-0.6.23-0.6.24.sql is not applied correctly on your database.

May the Source be with you!

MecTruy	#6 16. Oktober 2012, 07:31
Members Thanked: 10 mal	i understand now, it means who is using md5 password they will stay always with this hash only new member will use sha256, but with my code when time you will update your password change with sha256 :) http://www.cotonti.com/pastebin/196 Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...

Trustmaster	#7 16. Oktober 2012, 11:42
Administrators Thanked: 263 mal	but with my code when time you will update your password change with sha256 :) Same is done in 0.6.24 by default. So you have done the same in your code that it already does :) But thanks for your effort to help! May the Source be with you!