Cotonti / Open Source PHP Content Management FrameworkContent Management Framework

Forums / Cotonti / Bugs / Genoa 0.6.24 users.profile.inc.php password update problem

MecTruy
#1 2012-10-10 07:45

Genoa 0.6.24 system/core/users/users.profile.inc.php password update problem, if you want change your password, you can't because users.profile.inc.php have a problem ! so we know cotonti password system changed with sha256 salt. but users.profile.inc.php just using md5 Crypt system, i did fix this. i did share fix codes, but Trustmaster must be control my codes, its working but maybe i did little wrong :)

fix code:  http://www.cotonti.com/pastebin/196

 

Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...

This post was edited by MecTruy (2012-10-10 13:30, 7 years ago)
pieter
#2 2012-10-10 09:57

Please use pastbin to put in a lot of code:

http://www.cotonti.com/pastebin/

... can we help you ...
Trustmaster
#3 2012-10-10 18:33

Can anybody confirm the problem? I've just tested on a Genoa 0.6.24 instance and I was able to update the old md5 password to a new sha256 in profile.

May the Source be with you!
MecTruy
#4 2012-10-15 10:47

Trustmaster, have a problem you can control $roldpass = md5($roldpass); look this where is sha256 salt ?  old account always must use md5 passwords.

Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...
Trustmaster
#5 2012-10-15 17:14

Old accounts use md5() hashes, this is default behavior. They are only updated to sha256 when they change password in profile. You don't need to use md5() function in profile because it is used by sed_hash() if current user_hashfunc value is md5 (which is so for existing users). If there are problems with that, then patch-0.6.23-0.6.24.sql is not applied correctly on your database.

May the Source be with you!
MecTruy
#6 2012-10-16 07:31

i understand now, it means who is using md5 password they will stay always with this hash only new member will use sha256, but with my code when time you will update your password change with sha256 :)  http://www.cotonti.com/pastebin/196

Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...
Trustmaster
#7 2012-10-16 11:42

but with my code when time you will update your password change with sha256 :)

Same is done in 0.6.24 by default. So you have done the same in your code that it already does :) But thanks for your effort to help!

May the Source be with you!