Customizing SMF > SMF Coding Discussion

Change SMF to use SHA256 Encryption

(1/4) > >>

Radianation:
Originally discussed in this thread regarding a port from Snitz 3.4.03 to SMF:
http://support.simplemachines.org/community/index.php?topic=15521.15

I managed to port the forum properly with only 2 minor problems.
1. Topics sorted incorrectly after porting (those with 0 replies listed first)
2. SHA256 Encryption on passwords in the Snitz install left none of my users able to easily login.

My solution? Why not implement SHA256 encryption in the login system of SMF? If it's a problem for a future updates, what about a login modification for right now that checks the password using SHA256 and then resaves it using the default encryption for SMF? Eventually this would allow me to phase out SHA256 and use the SMF standard.

Any help is appreciated. I run my own server (windows) and am stuck trying to modify the php.ini (it hangs after I try to enable the php_mhash.dll...

Radianation:

--- Code: --- // Old style encryption... now's the only time to fix it.
if ($user_settings['passwd'] == crypt($_REQUEST['passwrd'], substr($_REQUEST['passwrd'], 0, 2)) || $user_settings['passwd'] == md5($_REQUEST['passwrd']))
{
updateMemberData($user_settings['ID_MEMBER'], array('passwd' => '\'' . $md5_passwrd . '\''));
$user_settings['passwd'] = $md5_passwrd;
}
--- End code ---

It looks like this is where I need to make the adjustment(s). I'm not very good with PHP, but the comments definitely help.

[Unknown]:
Below that, add:


--- Code: --- elseif ($user_settings['passwd'] == mhash(MHASH_SHA256, $_REQUEST['passwrd']))
{
updateMemberData($user_settings['ID_MEMBER'], array('passwd' => '\'' . $md5_passwrd . '\''));
$user_settings['passwd'] = $md5_passwrd;
}
--- End code ---

This may or may not work.  If you don't have mhash installed, it will only make login worse :P.

Remember to update the extension_dir setting in php.ini - mine is:
extension_dir = "D:\Program Files\PHP\extensions"

And make sure you have php_mhash.dll in that directory.

-[Unknown]

Radianation:
I had some issues with mhash.dll, and after reading on several other sites that windows + mhash.dll is buggy I decided to upgrade from 4.3.7 (i think) to 5.0.1. We'll see if that does the trick. Then I'll apply this potential fix you presented. Thanks.

Radianation:
Ok, I had some difficulties with 5.0.1 so I'm using PHP 4.3.8. After some mistakes due to fatigue, I am back up and running again. I noticed that I did not have php_mhash.dll in my ext folder. I tried to grab a version off the net, but it gives me a weird error when I enable it (and the system hangs). I couldn't find a copy on pecl.php.net or pear.php.net...  ::)

Navigation

[0] Message Index

[#] Next page

Go to full version