Help with customizing Joomla to work with the bridge

Started by afonic, January 22, 2008, 09:07:55 AM

Previous topic - Next topic

afonic

Hello there,

right now I am using Joomla 1.0.12 and the latest bridge in a couple of sites. Since 1.0.13 is out for months now and 1.0.14 is on the way (RC is released) I was looking into ways to update Joomla but keep the bridge working.

What I did in my test server was downloading 1.0.12 to 1.0.13 patch archive and then compared the changes in the updated files. Seems like that if I edit includes/joomla.php to remove the function that salts the passwords the new way (and do some replacing in order to get the password the old way), the bridge continues to work even after updating to 1.0.13 (I tested all functions, old users login, new registrations, user changes password through SMF profile etc) . Of course this is true since I am using SMF for user registration and the bridge's login module. My guess is that the same process could work for 1.0.14 (I am already testing with the RC).

So what I wanted to ask (especially Ostrio) is if this way of making the bridge work sounds reliable or if it is a mistake that will cause things to break after I test it in the real site.

Thanks.

ormuz

I think at this moment the bridge have security issues... (just guessing)

Orstio

afonic:  That should work.  I don't see why it wouldn't.

ormuz:  What would make you guess that?

afonic

Quote from: Orstio on January 22, 2008, 06:46:00 PM
afonic:  That should work.  I don't see why it wouldn't.

Thanks.

I guess I'll wait for 1.0.14 final (hope it is not too far away now that 1.5 is stable) and test on that.

chickenout

Any update on this.  I am having the same issues.

What changes would need to be made to joomla.php?

Thanks

afonic

You need to edit the function where the new salt is applied and revert it back to how it was before.

If you compare the old and new joomla.php the changes should be obvious.

kai920

Quote from: afonic on February 28, 2008, 12:15:56 PM
You need to edit the function where the new salt is applied and revert it back to how it was before.

If you compare the old and new joomla.php the changes should be obvious.

Hey afonic,

Have you tested this with J! 1.0.15. No reason to think why your same method would not work?

Had a quick look at 1.0.12 joomla.php vs. 1.0.15...

both versions' function mosMakePassword are the same, but in 1.0.15 there are a lot more instances of $salt. (in version .12 only two instances)

In addition, since 1.0.13 there is a josHashPassword...

/**
* A simple helper function to salt and hash a clear-text password.
*
* @since 1.0.13
* @param string $password A plain-text password
* @return string An md5 hashed password with salt
*/
function josHashPassword($password)
{
// Salt and hash the password
$salt = mosMakePassword(16);
$crypt = md5($password.$salt);
$hash = $crypt.':'.$salt;

return $hash;
}


I'm not sure what edits need to be made.

forumnoob

messing with the salt will only have you going backwards (and in circles).

You need to flip your login process.
login via joomla, detect the joomla login (my->id >0) and create a corresponding SMF login.

theres a bit more, but basically you make JOOMLA the master and SMF the secondary


cbpm

I have tested it with J! 1.0.15. , but instead, using includes/joomla.php from 1.0.12 version. All is working fine, apparently.

:-\

afonic

Quote from: forumnoob on March 10, 2008, 05:14:48 AM
messing with the salt will only have you going backwards (and in circles).

You need to flip your login process.
login via joomla, detect the joomla login (my->id >0) and create a corresponding SMF login.

theres a bit more, but basically you make JOOMLA the master and SMF the secondary



Or you could just use the bridge module for login, SMF for registration etc.

If you compare joomla.php from 1.0.12 with the one from 1.0.15 the changes that should be done in order to remove the new password salt and use the old way are pretty obvious, there are a few more changes in that file that are better off staying, thats why I suggested editing the new file and not use the one from 1.0.12.

kai920

Could you share with us the edited joomla.php file?

omidkosari

#11
Actually joomla.php is not the only file that you should edit. you should edit this files to solve all problems.

administrator/index.php
administrator/components/com_users/admin.users.php
components/com_registration/registration.php
components/com_user/user.php
includes/joomla.php

i have patched the Joomla_1.0.12_to_1.0.15-Stable-Patch_Package to work with Bridge.
I hope it helps.
Here you are  ;)
http://rapidshare.com/files/100168392/Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible.zip.html

Update: I have rezipped the file to grow over 1MB and have some rapidshare points for me  :P (this is exactly same file but a little larger)

Superdaantje

Greetz
Superdaantje.nl

.
Joomlabridge.org SMF Bridge Support, Downloads and Joomla Video Tutorials

Orstio

No, I just downloaded it.  There are no SMF or bridge files in the package, so no violation of the SMF license.

Superdaantje

Greetz
Superdaantje.nl

.
Joomlabridge.org SMF Bridge Support, Downloads and Joomla Video Tutorials

forumnoob

wouldnt the SMF bridge be GPL anyway (and thus subject to redistribution) since it includes components of GPL software?

Perfektionist

Quote from: omidkosari on March 16, 2008, 04:13:44 AM
Actually joomla.php is not the only file that you should edit. you should edit this files to solve all problems.

administrator/index.php
administrator/components/com_users/admin.users.php
components/com_registration/registration.php
components/com_user/user.php
includes/joomla.php

i have patched the Joomla_1.0.12_to_1.0.15-Stable-Patch_Package to work with Bridge.
I hope it helps.
Here you are  ;)
http://rapidshare.com/files/99917393/Joomla_1.0.12_to_1.0.15-Stable-Patch_Package_Orstio_Bridge_Compatible.zip.html

Wow!

If this really works I say: Thank you so much!

青山 素子

Quote from: forumnoob on March 16, 2008, 10:43:58 AM
wouldnt the SMF bridge be GPL anyway (and thus subject to redistribution) since it includes components of GPL software?

What components are you thinking of? As far as I know, it's only SMF-created code.

Either way, software isn't automatically GPL. It becomes undistributable at least, but there never is an automatic application of a license.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Orstio

Quote from: forumnoob on March 16, 2008, 10:43:58 AM
wouldnt the SMF bridge be GPL anyway (and thus subject to redistribution) since it includes components of GPL software?

No.

The bridge was in violation of the Joomla interpretation of the GPL.  That does not automatically make it GPL.

forumnoob

no, thats not what I'm talking about,

I'm talking about the fact that it called the $mainframe-> class and some "mos" functions and such (among other things) which are GPL code constructs of Joomla and Mambo - and the 'viral nature' of the GPL is such that, you use a GPL piece of code, then the code that incorporates it becomes GPL itself. Your option is to either NOT use the code or not distribute the 'derived work' (why this doesnt apply to joomla templates is one of the weired 'realities' of this hair splitting game)

So yeah, the bridge as constituted seems to be GPL (according to the "Elastic logic" we've seen lately.)

Its neither here nor there with me,just thought it a bit odd with all the panties in a bunch we see over the issue.

<shrug>

Advertisement: