vb.org Archive - View Single Post - [release vb2] Database Password Encryption

dabean · #44 06-28-2001, 06:26 PM

first all you need to fix a little bug in hack.

In member.php Find

PHP Code:


			
  // validate old password

  if ($currentpassword!=$bbuserinfo[password]) {

    eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");

    exit;

  }

above it add

PHP Code:


			
  // secure password mod - encrypt password

  if ($bbuserinfo[encryptedpass]==1) {

    $currentpassword=md5($currentpassword);

  } // end secure password mod

now for the actual improvement.

File: member.php

Find...

PHP Code:


			
  if ($newpassword!=$newpasswordconfirm) {

    eval("standarderror(\"".gettemplate("error_passwordmismatch")."\");");

    exit;

  }



  // secure passwords

  if ($bbuserinfo[encryptedpass]==1) {

    $newpassword=md5($newpassword);

  }

  // end secure passwords

replace it with

PHP Code:


			
  if ($newpassword!=$newpasswordconfirm) {

    eval("standarderror(\"".gettemplate("error_passwordmismatch")."\");");

    exit;

  }



  // secure passwords

  if ($encryption=="off" && $bbuserinfo[encryptedpass]==1) {

    $DB_site->query("UPDATE user SET encryptedpass=0 WHERE userid='$bbuserinfo[userid]'");

  } else {

    if ($bbuserinfo[encryptedpass]==1) {

      $newpassword=md5($newpassword);

    }

  }

  // end secure passwords

Find

PHP Code:


			
  // secure passwords

  if ($bbuserinfo[encryptedpass]==1) {

    // md5 hash password & store todo

    $cryptpassword=1;

    $urltoforward=""

  } else {

Replace with

PHP Code:


			
  // secure passwords

  if ($bbuserinfo[encryptedpass]==1 && $cryptpassword==0) {

    // md5 hash password & store todo

    $cryptpassword=1;

    $downgradepass=1;

  } else {

Find

PHP Code:


			
  } else {      

      $goto="usercp.php?s=$session[sessionhash]";

  }

replace with

PHP Code:


			
  } else {         // secure passwords

    if($downgradepass!=1) {

      $goto="usercp.php?s=$session[sessionhash]";

    } else {

      $goto="member.php?s=$session[sessionhash]&action=editpassword&encryption=off";

    }

  }           // end secure passwords

now for the templates

template modifypassword
below
<input type="hidden" name="s" value="$session[sessionhash]">

add
<input type="hidden" name="encryption" value="$encryption">

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01206 seconds Memory Usage 1,806KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (8)bbcode_php (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: