FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Plugins and Code Hacks » fud_update_user, fud_add_user patch (Password was stored as plain text instead of hash)
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: fud_update_user, fud_add_user patch [message #166643 is a reply to message #166642] Sat, 04 February 2012 08:32 Go to previous messageGo to previous message
NeXuS is currently offline  NeXuS
Messages: 121
Registered: July 2010
Location: South Korea
Karma:
Senior Member
Contributing Core Developer
EDIT : FUDforum does not store passwords in plain text.

FUDforum supports 2 authentication models: straight MD5 hashing of password, or SHA1 hashing of (password concatenated with SHA1 hash of salt). If the salt is present, FUD assumes SHA1, otherwise plain MD5.

The fud_update_user and fud_add_user functions (which are intended for integration, and are not directly called by FUDforum) were simply wrongly coded and stored passwords in plaintext (thus login would not work, since it expects an hash). I just made sure that they use the most secure form possible, although it is slightly more expensive (two hashes for every authentication instead of one).

[Updated on: Sat, 04 February 2012 08:41]

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: How to move/replicate elements to another spot on the page
Next Topic: GLOBALS.php and integration: suggested patch
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Dec 05 02:06:16 GMT 2024

Total time taken to generate the page: 0.03713 seconds