[1.X] RevCMS - Security Key [FIX]

Sledmore

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,199
3,934
Hey,

Found this about 6 month ago but never bothered to make a thread as I didn't use the 'Security Key' option in RevCMS and didn't see much others but I have recently.

Have you used this before and noticed how all the hashes in the users table are the same for seckey? Well this simple fix will solve that (not previous hashes but only new ones once the fix is applied).

1) Open up 'app/class.users.php'.
2) Find the following: (Under final public function register())
PHP: 
$this->addUser($template->form->reg_username, $core->hashed($template->form->reg_password), $template->form->reg_email, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $template->form->reg_figure, $template->form->reg_gender, $core->hashed($template->form->reg_key));
3) If you have already customized this code then simply replace the following:
PHP: 
$core->hashed($template->form->reg_key)
With:
PHP: 
$core->hashed($template->form->reg_seckey)

If not you can replace the whole line with the following:
PHP: 
$this->addUser($template->form->reg_username, $core->hashed($template->form->reg_password), $template->form->reg_email, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $template->form->reg_figure, $template->form->reg_gender, $core->hashed($template->form->$core->hashed($template->form->reg_seckey)));

And then you're done, this simple error is now fixed.
 
Sledmore

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,199
3,934
Xorflo said:
Just wondering. What does the error do anyway?
Click to expand...

It does what the first post says it does:

Sledmore said:
Have you used this before and noticed how all the hashes in the users table are the same for seckey? Well this simple fix will solve that (not previous hashes but only new ones once the fix is applied).
Click to expand...
 
Sledmore

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,199
3,934
Xorflo said:
Hm. Wont cause any major stress or possible breaches I guess? xD
Click to expand...

Well considering by default the security key entered would be blank the users wouldn't be able to reset their passwords, but no on the stress and breaches.
 
Weasel

Weasel

👄 I'd intercept me
Nov 25, 2011
4,135
2,461
As far as I'm aware the security key isn't used for that much in Rev 1.9.9.9 - anyways nice fix, as always, Craig.
 
Sledmore

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,199
3,934
Wess said:
As far as I'm aware the security key isn't used for that much in Rev 1.9.9.9 - anyways nice fix, as always, Craig.
Click to expand...


This thread is most likely the answer to why.. And thanks.
 
Weasel

Weasel

👄 I'd intercept me
Nov 25, 2011
4,135
2,461
Sledmore said:
This thread is most likely the answer to why.. And thanks.
Click to expand...

Standard in RevCMS it isn't. Its why I like your post, you make people aware of the use of the security key. People often don't know what to do with it, making a post which fixes it and makes them aware of it, maybe triggers other developers to actually use it.

When you post something, it atleast is usefull. :)
 

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
☀️  Switch to Light Theme

Latest posts

Top