
dddddd

a guest
Feb 9th, 2016
  1. First up, we're gonna test your server to see how many rounds would be suitable for your server.
  2.  
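  3. Download this file (the link is not preserved in this copy), read it before uploading, and place it into your root directory. Now navigate to yourforum.tld/rbieyj.php and record the result, then delete the file from the server again. It should look something like this: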
  4. Code:
  5. Appropriate Cost Found: (number)
  6.  
  7. Create a directory inside /inc/datahandlers named bcrypt
  8.  
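  9. Download this zip file (the link is not preserved in this copy) and extract the contents into your freshly made bcrypt folder. The BcryptHasher class it provides will see every plaintext password, so read bcrypt.php before deploying it; on PHP 5.5 or later the built-in password_hash() and password_verify() offer bcrypt without third-party code.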
  10.  
  11. Edit the bcrypt.php file to appropriately reflect the cost you found earlier in the tutorial (the rounds variable).
  12.  
  13. Now for the fun parts c:
  14.  
  15.  
  16. In inc/datahandlers/login.php replace:
  17. PHP Code:
  18. <?php
  19. if($salted_password !== $this->login_data['password'])
  20. {
  21. $this->invalid_combination(true);
  22. return false;
  23. with:
  24. PHP Code:
  25. <?php
  26. if(strlen($this->login_data['password']) == 32) {
  27. //if the password is still using md5
  28. if($salted_password != $this->login_data['password'])
  29. {
  30. $this->invalid_combination(true);
  31. return false;
  32. } else {
  33. //update the password to bcrypt
  34. include_once(dirname(__FILE__)."/bcrypt/bcrypt.php");
  35.  
  36. $hasher = new BcryptHasher;
  37.  
  38. $sql_array = array(
  39. "password" => $hasher->make($user['password'])
  40. );
  41.  
  42. $db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
  43. }
  44. } else {
  45. include_once(dirname(__FILE__)."/bcrypt/bcrypt.php");
  46. $hasher = new BcryptHasher;
  47. if(!$hasher->check($user['password'], $this->login_data['password'])) {
  48. $this->invalid_combination(true);
  49. return false;
  50. }
  51.  
  52. in inc/datahandlers/user.php
  53.  
  54. replace:
  55. PHP Code:
  56. <?php
  57. // MD5 the password
  58. $user['md5password'] = md5($user['password']);
  59.  
  60. // Generate our salt
  61. $user['salt'] = generate_salt();
  62.  
  63. // Combine the password and salt
  64. $user['saltedpw'] = salt_password($user['md5password'], $user['salt']);
  65.  
  66. with:
  67. PHP Code:
  68. <?php
  69. $user['salt'] = "dong"; // hacky fix that works
  70. //return a bcrypt hash
  71. include_once(dirname(__FILE__)."/bcrypt/bcrypt.php");
  72. $hasher = new BcryptHasher;
  73. $user['saltedpw'] = $hasher->make($user['password']);
  74.  
  75. in inc/functions_user.php
  76.  
  77. replace:
  78. PHP Code:
  79. <?php
  80. if(salt_password(md5($password), $user['salt']) === $user['password'])
  81. {
  82. return $user;
  83. }
  84. else
  85. {
  86. return false;
  87.  
  88. with:
  89. PHP Code:
  90. <?php
  91. if(strlen($user['password']) == 32) {
  92. if(salt_password(md5($password), $user['salt']) == $user['password'])
  93. {
  94. include_once(dirname(__FILE__)."/datahandlers/bcrypt/bcrypt.php");
  95.  
  96. $hasher = new BcryptHasher;
  97. $user['password'] = $hasher->make($password);
  98. $sql_array = array(
  99. "password" => $user['password']
  100. );
  101. $db->update_query("users", $sql_array, "uid = '{$user['uid']}'");
  102.  
  103. return $user;
  104. }
  105. else
  106. {
  107. return false;
  108. }
  109. } else {
  110. include_once(dirname(__FILE__)."/datahandlers/bcrypt/bcrypt.php");
  111. $hasher = new BcryptHasher;
  112. if(!$hasher->check($password, $user['password'])) {
  113. $this->invalid_combination(true);
  114. return false;
  115. } else {
  116. return $user;
  117. }
  118.  
  119. replace:
  120. PHP Code:
  121. <?php
  122. $saltedpw = salt_password($password, $salt);
  123.  
  124. with:
  125. PHP Code:
  126. <?php
  127. // Hash the new password with bcrypt in place of salt_password(); $salt is no longer mixed into the stored value.
  128. include_once(dirname(__FILE__)."/datahandlers/bcrypt/bcrypt.php");
  129. $hasher = new BcryptHasher;
  130. $saltedpw = $hasher->make($password); // callers are expected to pass the plaintext here, not md5($password) (see the member.php change)
  131.  
  132. in member.php
  133. replace:
  134. PHP Code:
  135. <?php
  136. $logindetails = update_password($user['uid'], md5($password), $user['salt']);
  137.  
  138. with
  139. PHP Code:
  140. <?php
  141. $logindetails = update_password($user['uid'], $password, $user['salt']); // plaintext is passed now; presumably update_password() is where the functions_user.php change does the bcrypt hashing
  142.  
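  143. And that's it. To test, log out of your forum account, log in again, log out again and log in again. The first login converts your stored MD5 hash to bcrypt; the second checks that the new bcrypt hash verifies.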
  144.  
  145. Also, test resetting your password via the "I forgot my password" form and test changing your password via the usercp.
  146.  
  147. If anything is broken, let me know and I will assist you. Smile