Convert - Illumina 2.0.2 Zap to RevCMS [ Help ]

Rain

You have to edit the RevCMS function to this:
PHP:
final public function hashed($password, $username)
{
   return sha1(md5($password) . strtolower($username));
}
And go through the whole CMS (just the class.users.php, I think) and edit the function to add the username variable, as Illumina hashes with the username.
i.e. Rev would go: $core->hashed($password);
You'll need to edit that to $core->hashed($password, $username);
Make sure the username variable is defined, and that it is not null.
 

Muff

Thank you @_Josh and @Hooters, I'll be sure to try them out right now :)
 

Rebel

Let me know how you go bud
It didn't work.

This is what happens.
9bb6b40d20c0dff61ce16331dbed5b58.png


RevCMS Class.Users
PHP:
<?php

namespace Revolution;
if(!defined('IN_INDEX')) { die('Sorry, you cannot access this file.'); }
class users implements iUsers
{
   
    /*-------------------------------Authenticate-------------------------------------*/
   
    final public function isLogged()
    {
        if(isset($_SESSION['user']['id']))
        {
            return true;
        }
       
        return false;
    }
   
    /*-------------------------------Checking of submitted data-------------------------------------*/
   
    final public function validName($username)     
    {
        if(strlen($username) <= 25 && ctype_alnum($username))         
         {             
             return true;         
         }                 
         
         return false;     
    }         
         
    final public function validEmail($email)     
    {         
        return preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $email);     
    }         
   
    final public function validSecKey($seckey)
    {
        if(is_numeric($seckey) && strlen($seckey) == 4)
        {
            return true;
        }
       
        return false;
    }
   
    final public function nameTaken($username)     
    {         
         global $engine;         
         
        if($engine->num_rows("SELECT * FROM users WHERE username = '" . $username . "' LIMIT 1") > 0)
        {
            return true;
        }     
       
        return false;
    }
   
    final public function emailTaken($email)
    {
        global $engine;
       
        if($engine->num_rows("SELECT * FROM users WHERE mail = '" . $email . "' LIMIT 1") > 0)
        {
            return true;
        }
       
        return false;
    }
       
    final public function userValidation($username, $password)
    {         
        global $engine;
        if($engine->num_rows("SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . $password . "' LIMIT 1") > 0)
        {
            return true;
        }     
         
        return false;
    }         
   
    /*-------------------------------Stuff related to bans-------------------------------------*/
   
    final public function isBanned($value)
    {
        global $engine;
        if($engine->num_rows("SELECT * FROM bans WHERE value = '" . $value . "' LIMIT 1") > 0)
        {
            return true;
        }
           
        return false;
    }
   
    final public function getReason($value)
    {
        global $engine;
        return $engine->result("SELECT reason FROM bans WHERE value = '" . $value . "' LIMIT 1");
    }
   
    final public function hasClones($ip)
    {
        global $engine;
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1)
        {
            return true;
        }
       
        return false;
    }
   
    /*-------------------------------Login or Register user-------------------------------------*/
   
    final public function register()
    {
        global $core, $template, $_CONFIG;
       
        if(isset($_POST['register']))
        {
            unset($template->form->error);
           
            $template->form->setData();
               
            if($this->validName($template->form->reg_username))
            {
                if(!$this->nameTaken($template->form->reg_username))
                {
                    if($this->validEmail($template->form->reg_email))
                    {
                        if(!$this->emailTaken($template->form->reg_email))
                        {
                            if(strlen($template->form->reg_password) > 6)
                            {
                                if($template->form->reg_password == $template->form->reg_rep_password)
                                {
                                    if(isset($template->form->reg_seckey))
                                    {
                                        if($this->validSecKey($template->form->reg_seckey))
                                        {
                                            //Continue
                                        }
                                        else
                                        {
                                            $template->form->error = 'Secret key must only have 4 numbers';
                                            return;
                                        }
                                    }
                                    if($this->isBanned($_SERVER['REMOTE_ADDR']) == false)
                                    {
                                        if(!$this->hasClones($_SERVER['REMOTE_ADDR']))
                                        {
                                            if(!isset($template->form->reg_gender)) { $template->form->reg_gender = 'M'; }
                                            if(!isset($template->form->reg_figure)) { $template->form->reg_figure = $_CONFIG['hotel']['figure']; }
                                       
                                            $this->addUser($template->form->reg_username, $core->hashed($template->form->reg_password), $template->form->reg_email, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $template->form->reg_figure, $template->form->reg_gender, $core->hashed($template->form->reg_key));
                           
                                            $this->turnOn($template->form->reg_username);
                                   
                                            header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
                                            exit;
                                        }
                                        else
                                        {
                                            $template->form->error = 'Sorry, but you cannot register twice';
                                        }
                                    }
                                    else
                                    {
                                        $template->form->error = 'Sorry, it appears you are IP banned.<br />';
                                        $template->form->error .= 'Reason: ' . $this->getReason($_SERVER['REMOTE_ADDR']);
                                        return;
                                    }
                                }
                                else   
                                {
                                    $template->form->error = 'Password does not match repeated password';
                                    return;
                                }

                            }
                            else
                            {
                                $template->form->error = 'Password must have more than 6 characters';
                                return;
                            }
                        }
                        else
                        {
                            $template->form->error = 'Email: <b>' . $template->form->reg_email . '</b> is already registered';
                            return;
                        }
                    }
                    else
                    {
                        $template->form->error = 'Email is not valid';
                        return;
                    }
                }
                else
                {
                    $template->form->error = 'Username is already registered';
                    return;
                }
            }
            else
            {
                $template->form->error = 'Username is invalid';
                return;
            }
        }
    }   
   
    final public function login()
    {
        global $template, $_CONFIG, $core;
       
        if(isset($_POST['login']))
        {
            $template->form->setData();
            unset($template->form->error);
           
            if($this->nameTaken($template->form->log_username))
            {
                // Both the username and the IP must be clear of bans before the login proceeds
                if($this->isBanned($template->form->log_username) == false && $this->isBanned($_SERVER['REMOTE_ADDR']) == false)
                {
                    if($this->userValidation($template->form->log_username, $core->hashed($template->form->log_password)))
                    {
                        $this->turnOn($template->form->log_username);
                        $this->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
                        $template->form->unsetData();
                        header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
                        exit;
                    }
                    else
                    {
                        $template->form->error = 'Details do not match';
                        return;
                    }
                }
                else
                {
                    $template->form->error = 'Sorry, it appears this user is banned<br />';
                    $template->form->error .= 'Reason: ' . $this->getReason($template->form->log_username);
                    return;
                }
            }
            else
            {
                $template->form->error = 'Username does not exist';
                return;
            }
        }
    }
   
    final public function loginHK()
    {
        global $template, $_CONFIG, $core;
       
        if(isset($_POST['login']))
        {   
            $template->form->setData();
            unset($template->form->error);
           
            if(isset($template->form->username) && isset($template->form->password))
            {
                if($this->nameTaken($template->form->username))
                {     
                    if($this->userValidation($template->form->username, $core->hashed($template->form->password)))
                    {
                        if(($this->getInfo($_SESSION['user']['id'], 'rank')) >= 4)
                        {
                            $_SESSION["in_hk"] = true;
                            header("Location:".$_CONFIG['hotel']['url']."/ase/main");
                            exit;
                        }
                        else
                        {
                            $template->form->error = 'Incorrect access level.';
                            return;
                        }
                    }
                    else
                    {
                        $template->form->error = 'Incorrect password.';
                        return;
                    }       
                }
                else
                {
                    $template->form->error = 'User does not exist.';
                    return;
                }
            }
   
            $template->form->unsetData();
        }
    }   
   
    final public function help()
    {
        global $template, $_CONFIG;
        $template->form->setData();
       
        if(isset($template->form->help))
        {
            $to = $_CONFIG['hotel']['email'];
             $subject = "Help from RevCMS user - " . $this->getInfo($_SESSION['user']['id'], 'username');
             $body = $template->form->question;
                 
             if (mail($to, $subject, $body))
             {
                 $template->form->error = 'Message successfully sent! We will answer you shortly!';
             }
             else
             {
                   $template->form->error = 'Message delivery failed.';
             }
        }
    }

    /*-------------------------------Account settings-------------------------------------*/
   
    final public function updateAccount()
    {
        global $template, $_CONFIG, $core, $engine;
       
        if(isset($_POST['account']))
        {
       
            if(isset($_POST['acc_motto']) && strlen($_POST['acc_motto']) < 30 && $_POST['acc_motto'] != $this->getInfo($_SESSION['user']['id'], 'motto'))
            {
                $this->updateUser($_SESSION['user']['id'], 'motto', $engine->secure($_POST['acc_motto']));
                header('Location: '.$_CONFIG['hotel']['url'].'/account');
                exit;
            }
            else
            {
                $template->form->error = 'Motto is invalid.';
            }
           
            if(isset($_POST['acc_email']) && $_POST['acc_email'] != $this->getInfo($_SESSION['user']['id'], 'mail'))
            {
                if($this->validEmail($_POST['acc_email']))
                {
                    $this->updateUser($_SESSION['user']['id'], 'mail', $engine->secure($_POST['acc_email']));
                    header('Location: '.$_CONFIG['hotel']['url'].'/account');
                    exit;
                }
                else
                {
                    $template->form->error = 'Email is not valid';
                    return;
                }
            }
           
            if(!empty($_POST['acc_old_password']) && !empty($_POST['acc_new_password']))
            {
                if($this->userValidation($this->getInfo($_SESSION['user']['id'], 'username'), $core->hashed($_POST['acc_old_password'])))
                {
                    if(strlen($_POST['acc_new_password']) >= 8)
                    {
                        $this->updateUser($_SESSION['user']['id'], 'password', $core->hashed($_POST['acc_new_password']));
                        header('Location: '.$_CONFIG['hotel']['url'].'/me');
                        exit;
                    }
                    else
                    {
                        $template->form->error = 'New password is too short';
                        return;
                    }
                }
                else
                {
                    $template->form->error = 'Current password is wrong';
                    return;
                }
            }
        }       
    }
       
       
    final public function turnOn($k)
    {   
        $j = $this->getID($k);
        $this->createSSO($j);
        $_SESSION['user']['id'] = $j;   
        $this->cacheUser($j);   
        unset($j);
    }
   
    /*-------------------------------Loggin forgotten-------------------------------------*/     
   
    final public function forgotten()
    {
       
    }
   
    /*-------------------------------Create SSO auth_ticket-------------------------------------*/
   
    final public function createSSO($k)     
    {         
        $sessionKey = 'RevCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
       
        $this->updateUser($k, 'auth_ticket', $sessionKey);
       
        unset($sessionKey);
    }     
       
    /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/
   
    final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey)     
    {         
        global $engine;                                   
        $sessionKey = 'RevCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
        $engine->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $seckey . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $sessionKey . "')");     
        unset($sessionKey);   
                     
    }                 
         
    final public function deleteUser($k)     
    {         
        global $engine;                 
         $engine->query("DELETE FROM users WHERE id = '" . $k . "' LIMIT 1");         
         $engine->query("DELETE FROM items WHERE userid = '" . $k . "' LIMIT 1");         
        $engine->query("DELETE FROM rooms WHERE ownerid = '" . $k . "' LIMIT 1");     
    }     
         
    final public function updateUser($k, $key, $value)     
    {         
         global $engine;                 
         $engine->query("UPDATE users SET " . $key . " = '" . $engine->secure($value) . "' WHERE id = '" . $k . "' LIMIT 1");
         $_SESSION['user'][$key] = $engine->secure($value);       
    }
   
    /*-------------------------------Handling user information-------------------------------------*/     
   
    final public function cacheUser($k)
    {
        global $engine;             
        $userInfo = $engine->fetch_assoc("SELECT username, rank, motto, mail, credits, activity_points, look, auth_ticket, ip_last FROM users WHERE id = '" . $k . "' LIMIT 1");
       
        foreach($userInfo as $key => $value)
        {
            $this->setInfo($key, $value);
        }
    }   
   
    final public function setInfo($key, $value)
    {
        global $engine;
        $_SESSION['user'][$key] = $engine->secure($value);
    }

    final public function getInfo($k, $key)
    {
        global $engine;
        if(!isset($_SESSION['user'][$key]))
        {
            $value = $engine->result("SELECT $key FROM users WHERE id = '" . $engine->secure($k) . "' LIMIT 1");
            if($value != null)
            {           
                $this->setInfo($key, $value);
            }
        }
           
        return $_SESSION['user'][$key];
    }
   
   
   
    /*-------------------------------Get user ID or Username-------------------------------------*/
   
    final public function getID($k)     
    {         
        global $engine;         
        return $engine->result("SELECT id FROM users WHERE username = '" . $engine->secure($k) . "' LIMIT 1");     
    }         
   
    final public function getUsername($k)
    {
        global $engine;
        return $this->getInfo($_SESSION['user']['id'], 'username');
    }
   
}
?>
 

Rain

find this: $core->hashed($_POST['acc_new_password'])
replace with this: $core->hashed($_POST['acc_new_password'], $this->getInfo($_SESSION['user']['id'], 'username'))

find this: $core->hashed($_POST['acc_old_password'])
Replace with this: $core->hashed($_POST['acc_old_password'], $this->getInfo($_SESSION['user']['id'], 'username'))

find this: $core->hashed($template->form->password)
Replace with this: $core->hashed($template->form->password, $template->form->username)

find this: $core->hashed($template->form->log_password)
Replace with this: $core->hashed($template->form->log_password, $template->form->log_username)

find this: $core->hashed($template->form->reg_password)
Replace with this: $core->hashed($template->form->reg_password, $template->form->reg_username)

Make sure you do so, and that your hashed function is this:
PHP:
final public function hashed($password, $username)
{
   return sha1(md5($password) . strtolower($username));
}
 

Rebel

I did all the steps you gave me; now I get this.
9bb6b40d20c0dff61ce16331dbed5b58.png
 

JayC

na na na ignore every thread this is what you need to do, I did this myself before I shut my hotel down

Step 1) User Logs In (Meaning they submit their form)

Step 2) Save whatever they inputted into a temp variable, and try to log in with the old password script. If they log in go to Step 3, if they don't go to Step 4

Step 3) Call another method that then takes that "temp" variable, encodes it in the new format, and puts it into their password field, so next time they log in they will be going essentially to Step 4

Step 4) Users Logged In

What these posts are suggesting before this is you changing your password hash WITHOUT updating what you currently have in your database. Doing this will allow users to login temporarily using both encryption methods. After a month or 2, make sure you change it to just run on 1.
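
The steps in the post above, sketched as an added example (not code from the thread, RevCMS or Illumina). Assumptions: the function names are hypothetical, an in-memory array stands in for the users table, and the new format is PHP's password_hash() rather than the plain MD5 discussed in the thread. The stored hash is rewritten only after the submitted password has matched the legacy hash; a failed attempt writes nothing.

```php
<?php
// Added example. The $users array is a constructed stand-in for the users table.

// Legacy format quoted in the thread: sha1(md5(password) . lowercased username).
function legacyIlluminaHash(string $password, string $username): string
{
    return sha1(md5($password) . strtolower($username));
}

// True when the stored value is not a password_hash() string, i.e. still legacy.
function isLegacyRow(string $stored): bool
{
    return password_get_info($stored)['algoName'] === 'unknown';
}

// Steps 1-4: returns true on valid credentials; upgrades a legacy row in place.
function loginAndMigrate(array &$users, string $username, string $password): bool
{
    $key = strtolower($username);
    if (!isset($users[$key])) {
        return false;
    }
    $stored = $users[$key]['password'];

    if (!isLegacyRow($stored)) {
        // Already migrated: only the new verifier is consulted.
        return password_verify($password, $stored);
    }

    // Step 2: check the submitted password against the old scheme, in constant time.
    if (!hash_equals($stored, legacyIlluminaHash($password, $username))) {
        return false; // mismatch: nothing is written, the stored hash stays as it was
    }

    // Step 3: the password just proved correct, so re-hash it in the new format.
    // (In a real schema the password column must hold up to 255 characters.)
    $users[$key]['password'] = password_hash($password, PASSWORD_DEFAULT);
    return true;
}

// How many accounts still depend on the legacy check.
function countLegacyRows(array $users): int
{
    return count(array_filter($users, fn($u) => isLegacyRow($u['password'])));
}

// Constructed sample data: two accounts imported with Illumina-style hashes.
$users = [
    'tommy' => ['password' => legacyIlluminaHash('correct horse', 'Tommy')],
    'sally' => ['password' => legacyIlluminaHash('battery staple', 'Sally')],
];
$before = $users['tommy']['password'];

$wrong = loginAndMigrate($users, 'Tommy', 'not-the-password');
printf("wrong password accepted: %s, hash changed: %s\n",
    var_export($wrong, true), var_export($users['tommy']['password'] !== $before, true));

$right = loginAndMigrate($users, 'Tommy', 'correct horse');
printf("right password accepted: %s, hash changed: %s\n",
    var_export($right, true), var_export($users['tommy']['password'] !== $before, true));

$again = loginAndMigrate($users, 'Tommy', 'correct horse');
printf("second login accepted: %s, legacy rows left: %d\n",
    var_export($again, true), countLegacyRows($users));
```

When countLegacyRows() reaches zero, or the grace period mentioned in the post ends, the legacy branch can be deleted and the remaining legacy rows forced through a password reset.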
 

Rain

I don't know what the heck you have been smoking.. Not only was your explanation very poor, but what I think you're suggesting is to overwrite users' passwords if the hash doesn't match.. Meaning I could log in to any user's account??
I was showing him how to make RevCMS hash passwords like Illumina. (Because Illumina hashes the password with the username).

@SavageKing - I PM'ed you my Skype. Add me and I'll update the hashing for you.
 

JayC

I don't know what the heck you have been smoking.. I showing him how to make RevCMS hash passwords like illumina. (Because illumina hashes the password with the username).

@SavageKing - I PM'ed you my skype. Add me and I'll update the hashing for you.
No, he asked how can he convert his current database password encryption FROM ABC to XYZ, And I am giving him the steps necessary for him to learn himself. This is the correct way to do this, he wants to keep his current database and I am telling him how he can do that without causing any errors, so before you go putting your 2 cents where they don't belong don't tell me that I'm wrong lol.
 

Rain

No, he asked how can he convert his current database password encryption FROM ABC to XYZ, And I am giving him the steps necessary for him to learn himself. This is the correct way to do this, he wants to keep his current database and I am telling him how he can do that without causing any errors, so before you go putting your 2 cents where they don't belong don't tell me that I'm wrong lol.
Dude.. The passwords are hashed with username...............
You can easily edit rev to hash with username & sha1.....
Do you even PHP?
 

JayC

BTW he says "I'm using IlluminaCMS" meaning he doesn't want rev to encrypt with username he wants to remove that extra encryption and just do MD5. Do you even read before you open your mouth?
Dude.. The passwords are hashed with username...............
You can easily edit rev to hash with username & sha1.....
Do you even PHP?
Okay since your little brain doesn't comprehend how coding works, I am going to break this down EVEN SMALLER so this little guy here Josh can understand.

Illumina CMS current encryption:
Code:
public function userHash($password, $username)
{
    return sha1(md5($password) . strtolower($username));
}

RevCMS current Encryption:
Code:
final public function hashed($password) {
return md5($password);
}

Okay so we are on Illumina now, so picture a nice Illumina CMS register page
Little Tommy comes along and registers. He puts in his username and his repeated password and presses "Register"

So the PHP code says OH! Tommy ! Let me insert you into my database
So it calls the hash method and says sha1(md5($password) . strtolower($username));
So now this is what we did:
Tommy's Password -> MD5 Encryption -> takes username lowercase and adds to Tommy's encrypted password -> SHA1 the whole string

So now we have Tommy's great SHA1 + MD5 Encrypted password sitting in my database.

Now here is what I don't understand, he clearly states that he wants to remove all the extra encryption that happens and just do MD5 encryption that RevCMS does

How do I convert Illumina Users Hashing, to RevCMS, so users don't have to make a new account.

Meaning that little Tommy's SHA1 + MD5 password needs to REMOVE the SHA1

So how do we do that?

Follow my previous steps ^_^
 

Rain

No you retard. He wants to use RevCMS but users passwords are hashed using illumina's hashing. Easiest way to move to rev is to edit rev's hashing...
Why take such a complicated approach when you can simply update rev's hashing to illumina's, which is better anyway :p

Don't call urself a web developer when your hotel looked uglier than ur mother smells
 

JayC

No you retard. He wants to use RevCMS but users passwords are hashed using illumina's hashing. Easiest way to move to rev is to edit rev's hashing...
Why take such a complicated approach when you can simply update rev's hashing to illumina's, which is better anyway :p
My point still stands, mine is the easy route. You take your old encryption, you test to see if the user's password matches the old encryption. Yes - You re-encrypt their password. No - You log them in normally. DONE.
 

Rain

My point still stands, mine is the easy route. You take your old encryption, you test to see if the users password matches the old encryption. Yes - You reencrypt their password No - You log them in normally. DONE.
Why not use the new encryption and be done with it? LOL
It requires an easy few edits and encryption with username is better than just MD5 anyway.
 
