Which files I need change to change user password coding.

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
SharkmanLt
Registered User
Posts: 2
Joined: Sat Oct 04, 2008 12:24 pm

Which files I need change to change user password coding.

Post by SharkmanLt » Sat Oct 04, 2008 12:29 pm

Which files I need change to change user password coding. Now it's just md5, but I wonna have a md5,sha1,md5. I know how to change I just don't know which files I need to change. I was searching those files but there was more files there is using md5 coding and now I am little confused.
Sorry for a bad English.

espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Re: Which files I need change to change user password coding.

Post by espicom » Sat Oct 04, 2008 10:13 pm

Are you afraid someone is going to copy your user table, and attempt a dictionary attack on the passwords? If so, then you have more to worry about than the way the passwords are encoded, since it is a "one way" hash. And even SHA1 is vulnerable to a dictionary attack with bad password selection. Not to mention that all existing passwords would be unrecoverable.

A better plan of attack would be to make sure your file server is secure, to prevent someone accessing the raw database, and consider moving your board to SSL encryption (https instead of http), using either a self-signed or purchased security certificate. Otherwise, your users' passwords are moving about internet unencrypted anyway.

And the code is login.php, profile.php, and admin/admin_users.php, but MD5 is used in other places, too.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

SharkmanLt
Registered User
Posts: 2
Joined: Sat Oct 04, 2008 12:24 pm

Re: Which files I need change to change user password coding.

Post by SharkmanLt » Sun Oct 05, 2008 10:50 am

I understand what you wonna say, but I wonna change just pass coding. :)

Locked

Return to “2.0.x Support Forum”