#1 2009-11-20 03:59:56

Tyler
Member
Registered: 2008-05-11
Posts: 104

Temporary alternative to using 'forgot password' after conversion

Open login.php

Find:

    $result = $db->query('SELECT id, group_id, password FROM '.$db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
    list($user_id, $group_id, $db_password_hash) = $db->fetch_row($result);

Replace With:

    $result = $db->query('SELECT id, group_id, password, salt FROM '.$db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
    list($user_id, $group_id, $db_password_hash, $salt) = $db->fetch_row($result);

Find:

    $authorized = false;

Add Before:

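    // A non-empty salt means this row still holds an unconverted PunBB 1.3 hash
    if ($salt)
    {
        // Legacy scheme is sha1(salt . sha1(password)); compare strictly so two
        // "0e..." hex strings are never treated as equal numbers
        if (sha1($salt.sha1($form_password)) === $db_password_hash)
        {
            // Re-hash with pun_hash() and clear the salt so this branch is skipped next time
            $db->query('UPDATE '.$db->prefix.'users SET password = \''.pun_hash($form_password).'\', salt=\'\' WHERE id = '.intval($user_id)) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
            message('Password updated successfully!');
        }
    }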

Save & Close login.php

If there is any wrong-doing, coding wise, in this please let me know. :P

Note: I've only tested this with PunBB 1.3 -> FluxBB 1.4b2 (MySQL), though I don't see it not working on any revision in between 1.4b2 and 1165 OR not working with FluxBB 1.3 -> 1.4b2.
Note2: I didn't add a pun_hash-esque function for this because as far as I know 1.3 dropped MD5 support, so any server running 1.3 will be able to handle SHA-1.
Note3: I didn't add any checking mechanism to see if you've converted, though I'd like to assume you'd only try this if you've converted from 1.3 :P

Last edited by Tyler (2009-11-20 22:33:16)


#2 2009-11-20 09:20:46

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 3,755

Re: Temporary alternative to using 'forgot password' after conversion

Tyler wrote:

Note3: I didn't add any checking mechanism to see if you've converted, though I'd like to assume you'd only try this if you've converted from 1.3 :P

Isn't this what you're talking about?

      if (sha1($salt.sha1($form_password)) == $db_password_hash)

Also: why the 'converted' column?


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."


#3 2009-11-20 15:02:51

Smartys
Former Developer
Registered: 2008-04-27
Posts: 3,117

Re: Temporary alternative to using 'forgot password' after conversion

Yeah, there's no converted column necessary: just set the salt to null. I proposed this method about a month ago.


#4 2009-11-20 18:58:23

Tyler
Member
Registered: 2008-05-11
Posts: 104

Re: Temporary alternative to using 'forgot password' after conversion

lie2815 wrote:
Tyler wrote:

Note3: I didn't add any checking mechanism to see if you've converted, though I'd like to assume you'd only try this if you've converted from 1.3 :P

Isn't this what you're talking about?

      if (sha1($salt.sha1($form_password)) == $db_password_hash)

I mean it doesn't check to see if there is a salt column. So if you didn't convert, login doesn't work.

lie2815 wrote:

Also: why the 'converted' column?

Didn't think about what Smartys suggested.

Last edited by Tyler (2009-11-20 18:59:11)


#5 2009-11-21 00:25:20

Tyler
Member
Registered: 2008-05-11
Posts: 104

Re: Temporary alternative to using 'forgot password' after conversion

Changed it to Smartys' (read: smarter) method. :P
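
The migrate-on-login flow this thread settles on (check the old salted hash, re-hash, then clear the salt so the row is never treated as legacy again), shown as an added example that is not part of any post here and is not FluxBB code. The in-memory user rows, the function names and the `new_hash()` stand-in for `pun_hash()` are assumptions made for illustration.

```php
<?php
// Added example (not FluxBB code): upgrade a legacy salted hash on first successful login.

// Hypothetical stand-in for FluxBB's pun_hash(); assumed here to be plain SHA-1.
function new_hash(string $password): string
{
    return sha1($password);
}

// PunBB 1.3 scheme as used in the first post: sha1(salt . sha1(password)).
function legacy_hash(string $salt, string $password): string
{
    return sha1($salt . sha1($password));
}

// Returns 'migrated', 'ok' or 'denied'; updates the row in place on migration.
function login_and_migrate(array &$user, string $password): string
{
    // A non-empty salt is the only marker needed: no extra "converted" column.
    if ($user['salt'] !== null && $user['salt'] !== '') {
        // hash_equals() is a strict, constant-time string comparison.
        if (!hash_equals($user['password'], legacy_hash($user['salt'], $password))) {
            return 'denied';
        }
        $user['password'] = new_hash($password); // store the new-style hash
        $user['salt'] = null;                    // row is now converted
        return 'migrated';
    }
    return hash_equals($user['password'], new_hash($password)) ? 'ok' : 'denied';
}

// Constructed sample rows: alice is unconverted, bob already uses the new scheme.
$users = [
    'alice' => ['salt' => 'x9Qm2LpR7tKz', 'password' => legacy_hash('x9Qm2LpR7tKz', 'correct horse')],
    'bob'   => ['salt' => null, 'password' => new_hash('hunter2!')],
];

$attempts = [
    ['alice', 'wrong guess'],   // legacy row, bad password: row must stay untouched
    ['alice', 'correct horse'], // legacy row, good password: converted
    ['alice', 'correct horse'], // same user again: takes the normal path
    ['bob', 'hunter2!'],        // never had a salt
];

foreach ($attempts as [$name, $password]) {
    printf("%-5s %-14s => %s\n", $name, $password, login_and_migrate($users[$name], $password));
}
```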
