Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
Help - Kill password resave -SOLVED
Greetings,
Long story short, I am integrating these wonderful forums into a shopping cart community and need it to leave the password as MD5. I have found a string of code I think will do the trick, but I am unsure and before I go around messing with all the files I want to make sure I am reading this correctly.
/**
 * Create stronger password hash
 * but still allow to check the password against old password storage hash
 *
 * @package People
 */
class PeoplePasswordHash extends PasswordHash {
    /**
     * @var Context;
     */
    var $Context;

    /**
     * Check password against stored password
     *
     * The stored password can be plain, a md5 hash or a phpass hash
     *
     * @param User $User
     * @param string $Password
     * @return boolean
     */
    function CheckPassword($User, $Password, $RegenerateHash=1) {
        if ($User->Password[0] === '_' || $User->Password[0] === '$') {
            return parent::CheckPassword($Password, $User->Password);
        } else if ($Password && $User->Password !== '*'
            && ($Password === $User->Password || md5($Password) === $User->Password)
        ) {
            if ($RegenerateHash) {
                $this->SetNewPassword($User, $Password);
            }
            return true;
        }
        return false;
    }

    /**
     * Regenerate password
     *
     * @param User $User
     * @param string $Password
     */
    function SetNewPassword($User, $Password) {
        $UserManager = $this->Context->ObjectFactory->NewContextObject(
            $this->Context, 'UserManager');
        $User->Password = parent::HashPassword($Password);
        return $UserManager->SaveUserCredentials($User);
    }

    /**
     * Constructor
     *
     * @param Context $Context
     * @return PeoplePasswordHash
     */
    function PeoplePasswordHash(&$Context) {
        $this->Context =& $Context;
        parent::PasswordHash(
            $Context->Configuration['PASSWORD_HASH_ITERATION'],
            $Context->Configuration['PASSWORD_HASH_PORTABLE']);
    }
}
Ok, so if I edit out all the commands happening inside "function PeoplePasswordHash(&$Context)" then the command will still read the MD5, but not run the MD5 conversion to phpass..... correct?
Comments
Below, if you want to keep the MD5 hash instead of having the password replaced by phpass, comment out the following in the above code
inside library/People.Class.PasswordHash.php
At LINE 300 you will find the below code:
function SetNewPassword($User, $Password) {
    $UserManager = $this->Context->ObjectFactory->NewContextObject(
        $this->Context, 'UserManager');
    $User->Password = parent::HashPassword($Password);
    return $UserManager->SaveUserCredentials($User);
}
COMMENT OUT ALL INSIDE THE FUNCTION, like below.
function SetNewPassword($User, $Password) {
    // $UserManager = $this->Context->ObjectFactory->NewContextObject(
    //     $this->Context, 'UserManager');
    // $User->Password = parent::HashPassword($Password);
    // return $UserManager->SaveUserCredentials($User);
}
This might be the cheap way of doing it rather than removing the whole function, but this way if you ever feel the need to revert the file back to its original state you have the ability.
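The upgrade-on-login check discussed in this thread, as an added stand-alone example that is not part of the original posts or of Vanilla's code. It shows the stored MD5 surviving a login when regeneration is off and being replaced when it is on. Assumptions: PHP's built-in password_hash()/password_verify() stand in for phpass, the array user record and the function names are hypothetical, and the original's plain-text branch is omitted.

```php
<?php
// Added example, not Vanilla code. password_hash()/password_verify() stand in
// for phpass; the array-based user record and function names are hypothetical.

/** True if the stored value carries a crypt-style prefix ('$' or '_'). */
function isModernHash(string $stored): bool {
    return $stored !== '' && ($stored[0] === '$' || $stored[0] === '_');
}

/**
 * Check a password against a modern hash or a legacy unsalted MD5 hash.
 * When $regenerate is true, a successful legacy match replaces the stored
 * MD5 with a modern hash; when false, the stored value is left untouched.
 */
function checkPassword(array &$user, string $password, bool $regenerate = true): bool {
    $stored = $user['Password'];
    if (isModernHash($stored)) {
        return password_verify($password, $stored);
    }
    // Legacy branch: '*' marks a disabled account; empty passwords never match.
    if ($password === '' || $stored === '*') {
        return false;
    }
    // Constant-time comparison of the stored MD5 with the candidate's MD5.
    if (!hash_equals($stored, md5($password))) {
        return false;
    }
    if ($regenerate) {
        $user['Password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample record: password "s3cret" stored as unsalted MD5.
$legacy = ['Name' => 'alice', 'Password' => md5('s3cret')];

// Regeneration off: the login succeeds and the MD5 column is unchanged, so an
// external application comparing md5(password) against it keeps working.
$kept = $legacy;
var_dump(checkPassword($kept, 's3cret', false));
var_dump($kept['Password'] === md5('s3cret'));

// Default: the first successful login rewrites the column with a salted hash,
// after which md5(password) no longer matches what is stored.
$upgraded = $legacy;
var_dump(checkPassword($upgraded, 's3cret'));
var_dump(isModernHash($upgraded['Password']));
var_dump(checkPassword($upgraded, 'wrong'));
```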