Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
JSConnect.php MD5 Confusing documentation snippit
SirChuck
New
// You can also use a hash name like md5, sha1 etc which must be the name as the connection settings in Vanilla.
What am I able to md5 ? The $user['name'] ? The $clientID, the $secret , what "hash name" is it talking about ?
What does , "which must be the name of the connection settings in Vanilla" mean ?
Basically which items that I pass to vanilla thru JSConnect.php can I or should I md5?
Tagged:
0
Comments
Have you looked at the code examples? That would give you a good idea.
btw, the docs are wrong about sha1.
grep is your friend.
I'm not sure, i downloaded the PHP code if thats what you mean. Thats where I found the confusing comment. Other than the three files I downloaded, I didn't see any other examples. Its working now, but I didn't md5 any of the variables like client_id, the jsconnect script i downloaded does handle that by itself though after I pass in the variables.
https://github.com/vanillaforums/jsConnectPHP
the line
$Signature = JsHash($Request['timestamp'].$Secret, $Secure);
grep is your friend.
Right , thats where I got the files.
index.php has the confusing line.
Perhaps if the line talking about what to hash had been in the functions.jsconnect.php file it would have made more sense. The way it is, it lead me to think I'm supposed to send the plugin a hashed value in the WriteJsConnect($user, $_GET, $clientID, $secret, $secure); line.
Ex: WriteJsConnect($user, $_GET, md5($clientID), $secret, $secure);
or maybe $user['name'] = md5($user['name']);
--> // You can also use a hash name like md5, sha1 etc which must be the name as the connection settings in Vanilla.
Would better be written:
--> // You can hash the jsConnect $Signature with md5 or sha1 in the functions.jsconnect.php file.
Seeing as the function file hashes the signature already im not even sure why that comment is necessary.
If I'm understanding.