Hello there,
right now I am using Joomla 1.0.12 and the latest bridge in a couple of sites. Since 1.0.13 is out for months now and 1.0.14 is on the way (RC is released) I was looking into ways to update Joomla but keep the bridge working.
What I did in my test server was downloading 1.0.12 to 1.0.13 patch archive and then compared the changes in the updated files. Seems like that if I edit includes/joomla.php to remove the function that salts the passwords the new way (and do some replacing in order to get the password the old way), the bridge continues to work even after updating to 1.0.13 (I tested all functions, old users login, new registrations, user changes password through SMF profile etc) . Of course this is true since I am using SMF for user registration and the bridge's login module. My guess is that the same process could work for 1.0.14 (I am already testing with the RC).
So what I wanted to ask (especially Ostrio) is if this way of making the bridge work sounds reliable or if it is a mistake that will cause things to break after I test it in the real site.
Thanks.
I think at this moment the bridge have security issues... (just guessing)
afonic: That should work. I don't see why it wouldn't.
ormuz: What would make you guess that?
Quote from: Orstio on January 22, 2008, 06:46:00 PM
afonic: That should work. I don't see why it wouldn't.
Thanks.
I guess I'll wait for 1.0.14 final (hope it is not too far away now that 1.5 is stable) and test on that.
Any update on this. I am having the same issues.
What changes would need to be made to joomla.php?
Thanks
You need to edit the function where the new salt is applied and revert it back to how it was before.
If you compare the old and new joomla.php the changes should be obvious.
Quote from: afonic on February 28, 2008, 12:15:56 PM
You need to edit the function where the new salt is applied and revert it back to how it was before.
If you compare the old and new joomla.php the changes should be obvious.
Hey afonic,
Have you tested this with J! 1.0.15. No reason to think why your same method would not work?
Had a quick look at 1.0.12 joomla.php vs. 1.0.15...
both versions' function mosMakePassword are the same, but in 1.0.15 there are a lot more instances of $salt. (in version .12 only two instances)
In addition, since 1.0.13 there is a josHashPassword...
/**
* A simple helper function to salt and hash a clear-text password.
*
* @since 1.0.13
* @param string $password A plain-text password
* @return string An md5 hashed password with salt
*/
function josHashPassword($password)
{
// Salt and hash the password
$salt = mosMakePassword(16);
$crypt = md5($password.$salt);
$hash = $crypt.':'.$salt;
return $hash;
}I'm not sure what edits need to be made.
messing with the salt will only have you going backwards (and in circles).
You need to flip your login process.
login via joomla, detect the joomla login (my->id >0) and create a corresponding SMF login.
theres a bit more, but basically you make JOOMLA the master and SMF the secondary
I have tested it with J! 1.0.15. , but instead, using includes/joomla.php from 1.0.12 version. All is working fine, apparently.
:-\
Quote from: forumnoob on March 10, 2008, 05:14:48 AM
messing with the salt will only have you going backwards (and in circles).
You need to flip your login process.
login via joomla, detect the joomla login (my->id >0) and create a corresponding SMF login.
theres a bit more, but basically you make JOOMLA the master and SMF the secondary
Or you could just use the bridge module for login, SMF for registration etc.
If you compare joomla.php from 1.0.12 with the one from 1.0.15 the changes that should be done in order to remove the new password salt and use the old way are pretty obvious, there are a few more changes in that file that are better off staying, thats why I suggested editing the new file and not use the one from 1.0.12.
Could you share with us the edited joomla.php file?
Actually joomla.php is not the only file that you should edit. you should edit this files to solve all problems.
administrator/index.php
administrator/components/com_users/admin.users.php
components/com_registration/registration.php
components/com_user/user.php
includes/joomla.php
i have patched the Joomla_1.0.12_to_1.0.15-Stable-Patch_Package to work with Bridge.
I hope it helps.
Here you are ;)
http://rapidshare.com/files/100168392/Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible.zip.html (http://rapidshare.com/files/100168392/Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible.zip.html)
Update: I have rezipped the file to grow over 1MB and have some rapidshare points for me :P (this is exactly same file but a little larger)
Quote from: omidkosari on March 16, 2008, 04:13:44 AM
i have patched the Joomla_1.0.12_to_1.0.15-Stable-Patch_Package to work with Bridge.
I hope it helps.
Here you are ;)
http://rapidshare.com/files/99917393/Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible.zip.html (http://rapidshare.com/files/99917393/Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible.zip.html)
Sorry you are violating the Simple Machines licence?
More info: http://www.simplemachines.org/community/index.php?topic=184558.msg1174172#msg1174172
No, I just downloaded it. There are no SMF or bridge files in the package, so no violation of the SMF license.
Oke nothing said O:)
wouldnt the SMF bridge be GPL anyway (and thus subject to redistribution) since it includes components of GPL software?
Quote from: omidkosari on March 16, 2008, 04:13:44 AM
Actually joomla.php is not the only file that you should edit. you should edit this files to solve all problems.
administrator/index.php
administrator/components/com_users/admin.users.php
components/com_registration/registration.php
components/com_user/user.php
includes/joomla.php
i have patched the Joomla_1.0.12_to_1.0.15-Stable-Patch_Package to work with Bridge.
I hope it helps.
Here you are ;)
http://rapidshare.com/files/99917393/Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible.zip.html (http://rapidshare.com/files/99917393/Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible.zip.html)
Wow!
If this really works I say: Thank you so much!
Quote from: forumnoob on March 16, 2008, 10:43:58 AM
wouldnt the SMF bridge be GPL anyway (and thus subject to redistribution) since it includes components of GPL software?
What components are you thinking of? As far as I know, it's only SMF-created code.
Either way, software isn't automatically GPL. It becomes undistributable at least, but there never is an automatic application of a license.
Quote from: forumnoob on March 16, 2008, 10:43:58 AM
wouldnt the SMF bridge be GPL anyway (and thus subject to redistribution) since it includes components of GPL software?
No.
The bridge was in violation of the Joomla interpretation of the GPL. That does not automatically make it GPL.
no, thats not what I'm talking about,
I'm talking about the fact that it called the $mainframe-> class and some "mos" functions and such (among other things) which are GPL code constructs of Joomla and Mambo - and the 'viral nature' of the GPL is such that, you use a GPL piece of code, then the code that incorporates it becomes GPL itself. Your option is to either NOT use the code or not distribute the 'derived work' (why this doesnt apply to joomla templates is one of the weired 'realities' of this hair splitting game)
So yeah, the bridge as constituted seems to be GPL (according to the "Elastic logic" we've seen lately.)
Its neither here nor there with me,just thought it a bit odd with all the panties in a bunch we see over the issue.
<shrug>
QuoteYour option is to either NOT use the code or not distribute the 'derived work'
Correct, and we chose to stop distributing. That doesn't make the bridge GPL, it just means that it was in violation of the Joomla interpretation of the GPL, and so it can no longer be distributed.
Quoteand the 'viral nature' of the GPL is such that, you use a GPL piece of code, then the code that incorporates it becomes GPL itself.
That is not correct. If the license under which the GPL-incorporated code is compatible with the GPL, then yes, the entire work falls under the umbrella of the GPL. However, if the license imposes restrictions on the Four Holy Freedoms, it becomes a violation of the license because it simply cannot fall under the terms of the GPL. The options at that point are to alter the license, or stop distribution.
Quote from: omidkosari on March 16, 2008, 04:13:44 AM
Actually joomla.php is not the only file that you should edit. you should edit this files to solve all problems.
administrator/index.php
administrator/components/com_users/admin.users.php
components/com_registration/registration.php
components/com_user/user.php
includes/joomla.php
i have patched the Joomla_1.0.12_to_1.0.15-Stable-Patch_Package to work with Bridge.
I hope it helps.
Here you are ;)
http://rapidshare.com/files/100168392/Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible.zip.html (http://rapidshare.com/files/100168392/Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible.zip.html)
Update: I have rezipped the file to grow over 1MB and have some rapidshare points for me :P (this is exactly same file but a little larger)
Thanks! so much. :)
I think if you or someone else can be still providing this kind of "updates" to keep bridge functioning, since there is not license violation ;) :P
Wow..... Brilliant!!
Now, I update to Joomla! 1.0.15 and SMF 1.1.5, keep bridging with Orstio Bridge 1.1.7 and its all WORKING. I'm use SMF for registration (not bridge mode). Good job and thanks a lot.
Sorry about my english.
Orstio, are there any issues to using the Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible file that you can see?
This would be good if it's been tested.
Yeah, I wish someone with more experience could "audit" the code...
Ortios, can u please test this files... I don't think this hack to joomla is working at 100%