Thread: Turn off MD5'ing of passwords
View Single Post
  #8  
Old 03-16-2007, 07:10 PM
Brad Brad is offline
 
Join Date: Nov 2001
Posts: 4,765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It prevents the hashing of the password by the javascript in the navbar. Meaning the password is sent to the server as plaintext.

It's half the battle, the rest deals with hacking this bit of code from class_dm_user.php;

PHP Code:
        /**
    * Takes a plain text or singly-md5'd password and returns the hashed version for storage in the database
    *
    * @param    string    Plain text or singly-md5'd password
    *
    * @return    string    Hashed password
    */
    function hash_password($password$salt)
    {
        // if the password is not already an md5, md5 it now
        if ($password == '')
        {
        }
        else if (!$this->verify_md5($password))
        {
            $password md5($password);
        }

        // hash the md5'd password with the salt
        return md5($password $salt);
    } 
Try changing it to this;

PHP Code:
    /**
    * Takes a plain text or singly-md5'd password and returns the hashed version for storage in the database
    *
    * @param    string    Plain text or singly-md5'd password
    *
    * @return    string    Hashed password
    */
    function hash_password($password$salt)
    {
        return $password;
    } 
May or may not work, I dunno I didn't test it. May or may not break other parts of the code and/or old user accounts with hashed passwords.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01090 seconds
  • Memory Usage 1,778KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_php
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete