[Alpha] Change md5 hashing to sha1 hashing

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
Chase-san

Post by Chase-san »

A little code I did up because I wanted to increase the hash security a little bit, not that finding the md5 hash is particularly easy.

MOD Title: MD5 to SHA1 password security
MOD Description: This mod replaces phpbb's native md5 hashing with sha1 hashing.
MOD Version: 0.1.0

MOD Download: http://jad.tfsnewworld.com/temp/sha1mod.zip


Though this code is alpha, due to its simplicity it's a rather easy mod and there isn't a lot of work that has to be done to get it finished.

################################################################# 
## MOD Title: MD5 to SHA1 password security
## MOD Author: Chase-san <[email protected]> (Robert Maupin) <N/A>
## MOD Description:
##       This mod replaces phpbb's native md5 hashing with sha1 hashing.
## MOD Version: 0.1.0
## 
## Installation Level:    Beginner
## Installation Time:    5-10 Minutes
## Files To Edit:   login.php, include/usercp_sendpasswd.php, include/usercp_register.php
##
## Lines(!) to Add:   	0
## Lines(!) to Replace: 7
## Included Files:    	None
## License: http://opensource.org/licenses/gpl-license.php GNU General Public License v2
############################################################## 
## Author Notes: 
##
## This mod should secure your passwords better using longer hashes.
##
## WARNING: Upgrading using this mod will most likely make it impossible
##     to upgrade to phpBB 3. At least without phpBB 3 modification.
## 
############################################################## 
## MOD History:
##
##      2006-06-04 - Version 0.1.0
##		- First Alpha Release
##
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
############################################################## 

#
#-----[ SQL ]-------------------------------------------------
#
# If your phpbb table prefix is different, then change it to
# reflect the correct one.
#
#
	ALTER TABLE `phpbb_users` CHANGE `user_password` `user_password` VARCHAR( 40 )

# 
#-----[ OPEN ]--------------------------------------------- 
# 
login.php

#
#-----[ FIND ]---------------------------------------------
# around line 90
				if( md5($password) == $row['user_password'] && $row['user_active'] )
# 
#-----[ REPLACE WITH ]---------------------------------------
#
# Will replace later with larger addition that will rehash the password to sha1
# Strict comparison (===) keeps PHP from comparing numeric-looking hashes ("0e...") as numbers
				if( (sha1($password) === $row['user_password'] || md5($password) === $row['user_password']) && $row['user_active'] )

# 
#-----[ OPEN ]---------------------------------------------
# 
usercp_sendpasswd.php


#
#-----[ FIND ]---------------------------------------------
# around line 57
			$sql = "UPDATE " . USERS_TABLE . " 
				SET user_newpasswd = '" . md5($user_password) . "', user_actkey = '$user_actkey'  
				WHERE user_id = " . $row['user_id'];
# 
#-----[ REPLACE WITH ]---------------------------------------
# 
			$sql = "UPDATE " . USERS_TABLE . " 
				SET user_newpasswd = '" . sha1($user_password) . "', user_actkey = '$user_actkey'  
				WHERE user_id = " . $row['user_id'];


# 
#-----[ OPEN ]---------------------------------------------
# 
usercp_register.php


#
#-----[ FIND ]---------------------------------------------
# around line 352
				if ( $row['user_password'] != md5($cur_password) )
# 
#-----[ REPLACE WITH ]---------------------------------------
# 
				if ( $row['user_password'] !== sha1($cur_password) )

#
#-----[ FIND ]---------------------------------------------
# around line 361
				$new_password = md5($new_password);
# 
#-----[ REPLACE WITH ]---------------------------------------
# 
				$new_password = sha1($new_password);

#
#-----[ FIND ]---------------------------------------------
# around line 398
			if ( $row['user_password'] != md5($cur_password) )
# 
#-----[ REPLACE WITH ]---------------------------------------
# 
			if ( $row['user_password'] !== sha1($cur_password) )

# 
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ 
# 
# EoM 
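
The login.php replacement above notes that a step to rehash the password to sha1 will be added later. The following is an added example of that login-time upgrade, not part of Chase-san's MOD or of phpBB, written for current PHP (7.1+). The function name, the sample rows and the in-memory array standing in for the users table are assumptions made for illustration.

```php
<?php
// Added example: names and sample data are hypothetical, not from the MOD.

/**
 * Verify a login attempt against the stored hash and report whether the
 * stored value should be upgraded from md5 to sha1.
 *
 * Returns [bool $ok, ?string $upgraded_hash]; $upgraded_hash is non-null
 * only when a legacy md5 hash matched and should be replaced.
 */
function check_and_upgrade_password(string $password, string $stored): array
{
    $stored = strtolower($stored);

    // Select the algorithm from the stored value's shape, so each row is
    // only ever compared against one hash type.
    if (strlen($stored) === 40 && ctype_xdigit($stored)) {
        // Already sha1: constant-time string comparison, nothing to upgrade.
        return [hash_equals($stored, sha1($password)), null];
    }
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {
        // Legacy md5: on a match, hand back the sha1 value to store instead.
        if (hash_equals($stored, md5($password))) {
            return [true, sha1($password)];
        }
        return [false, null];
    }
    // Empty or malformed stored value never authenticates.
    return [false, null];
}

// Constructed sample rows standing in for phpbb_users.user_password.
$rows = [
    'legacy_user' => md5('correct horse'),
    'new_user'    => sha1('correct horse'),
];

foreach ($rows as $name => $stored) {
    [$ok, $upgrade] = check_and_upgrade_password('correct horse', $stored);
    if ($ok && $upgrade !== null) {
        // In login.php this is where the UPDATE of user_password would run.
        $rows[$name] = $upgrade;
    }
    printf("%s: ok=%s stored_len=%d\n", $name, $ok ? 'yes' : 'no', strlen($rows[$name]));
}
```

Once every active account has logged in at least once, no 32-character values remain in the column and the md5 branch can be removed.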