Code: Select all
IF ($phpBB_DB_value === $your_db_value) {
//Execute me if the values match
} ELSE {
//Execute me if they don't
}
Code: Select all
'user_password' => phpbb_hash($data['new_password']),
Code: Select all
function phpbb_hash($password)
{
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
$random_state = unique_id();
$random = '';
$count = 6;
if (($fh = @fopen('/dev/urandom', 'rb')))
{
$random = fread($fh, $count);
fclose($fh);
}
if (strlen($random) < $count)
{
$random = '';
for ($i = 0; $i < $count; $i += 16)
{
$random_state = md5(unique_id() . $random_state);
$random .= pack('H*', md5($random_state));
}
$random = substr($random, 0, $count);
}
$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
if (strlen($hash) == 34)
{
return $hash;
}
return md5($password);
}
Code: Select all
Fatal error: Call to a member function sql_escape() on a non-object in forum/includes/functions.php on line 145
Code: Select all
phpbb_hash('string');
Code: Select all
phpbb_hash($string);
Code: Select all
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=md5($_POST['mypassword']);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and user_password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if ($count != 0)
{
while ($sql = mysql_fetch_object($result))
{
$_SESSION[myusername] = $sql -> username;
$_SESSION[mypassword] = $sql -> user_password;
$_SESSION[rank] = $sql -> user_rank;
$_SESSION[email] = $sql -> user_email;
$_SESSION[active] = $sql -> user_inactive_reason;
}
}
I noticed that too, so now a handful of my users have the new hash, while the rest have md5 hash. I am still trying to figure out how to have my users input their password, and hash their input to the new hash to compare it to their password in the database.mecu wrote:Alternatively, perhaps we could force logout all users then making them have to log back in to the forums and it would take care of most of the users? The problem then would still be someone that doesn't login to the forums but still tries to use your custom script, so you could check with the new hash password, and if that fails, check with the old md5 method. I'm choosing to just require them to logout and login so they are all updated and more secure.
Code: Select all
$pass = testing;
HashPassword($pass);