[HELP] Using BrainCMS DB with RevCMS


chiefqueef

gooby pls
Jan 8, 2012
404
104
I am trying to switch from BrainCMS to RevCMS without my users losing any data. I followed a tutorial to add bcrypt to RevCMS, which worked, but the old passwords don't work because bcrypt hashes them differently.

revcms class.core.php


revcms class.user.php


braincms class.user.php


thanks
 

Weasel

👄 I'd intercept me
Nov 25, 2011
4,132
2,456
Replace userValidation within class.user.php with:
PHP:
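/**
 * Check a login attempt and migrate a legacy MD5 password hash on success.
 *
 * Reads the stored password for $username. If it equals the unsalted MD5 of
 * $rawPassword, the stored value is replaced with $core->hashed($rawPassword)
 * and the attempt succeeds. Otherwise the stored value is checked with
 * password_verify().
 *
 * @param string $username    Account name to look up.
 * @param string $rawPassword Plain-text password as submitted.
 *
 * @return bool True when the submitted password matches the stored hash.
 */
final public function userValidation($username, $rawPassword)
{
    global $engine, $core;

    // NOTE(review): $username is concatenated straight into the SQL text. Confirm it is
    // escaped before it reaches this method, or move the lookup to a parameterised query
    // if the engine offers one.
    $storedPassword = $engine->result("SELECT `password` FROM `users` WHERE `username` = '" . $username . "' LIMIT 1");

    // No row, or nothing usable stored: there is no hash to compare against.
    if (!is_string($storedPassword) || $storedPassword === '') {
        return false;
    }

    // hash_equals() compares the strings byte for byte. A loose `==` compares two
    // numeric-looking hex digests (for example ones of the form 0e<digits>) as numbers,
    // so two different MD5 values could be treated as equal.
    if (hash_equals($storedPassword, md5($rawPassword))) {
        // Legacy MD5 matched: store the new-format hash so the MD5 value is retired.
        // Presumably $core->hashed() produces a password_hash()-compatible value; confirm.
        $this->updateUser($this->getID($username), 'password', $core->hashed($rawPassword));

        return true;
    }

    return password_verify($rawPassword, $storedPassword);
}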

And replace login within class.user.php with:
PHP:
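/**
 * Handle a submitted login form.
 *
 * Does nothing unless $_POST['login'] is set. On success it starts the user's
 * session via turnOn(), records the current IP, redirects to /me and exits.
 * On failure it sets $template->form->error and returns.
 *
 * @return void
 */
final public function login()
{
    global $template, $_CONFIG;

    if (!isset($_POST['login'])) {
        return;
    }

    $template->form->setData();
    unset($template->form->error);

    $username = $template->form->log_username;

    if (!$this->nameTaken($username)) {
        // NOTE(review): this message and 'Details do not match' let a client tell
        // whether an account name exists; consider one shared message for both.
        $template->form->error = 'Username does not exist';
        return;
    }

    // Both checks must pass. The previous `||` let the login continue when only one of
    // the account and the client IP was banned.
    $notBanned = $this->isBanned($username) == false
        && $this->isBanned($_SERVER['REMOTE_ADDR']) == false;

    if (!$notBanned) {
        $template->form->error = 'Sorry, it appears this user is banned<br />';
        // The reason is looked up by username only, so it may be empty for an IP-only ban.
        $template->form->error .= 'Reason: ' . $this->getReason($username);
        return;
    }

    if (!$this->userValidation($username, $template->form->log_password)) {
        $template->form->error = 'Details do not match';
        return;
    }

    // NOTE(review): no session ID regeneration is visible here; confirm turnOn() does it.
    $this->turnOn($username);
    $this->updateUser($_SESSION['user']['id'], 'ip_current', $_SERVER['REMOTE_ADDR']);
    $template->form->unsetData();
    header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
    exit;
}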

And for all the future readers, don't follow any tutorial that has the following piece of code, because it's wrong and will create a security risk.
PHP:
// Anti-pattern, shown as a warning: password_verify() takes two arguments, the submitted
// password and the stored hash. This call supplies no hash, so the password is never
// checked against what is stored for the account.
return password_verify($password);
 

chiefqueef

gooby pls
Jan 8, 2012
404
104
Replace userValidation within class.user.php with:
PHP:
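/**
 * Check a login attempt and migrate a legacy MD5 password hash on success.
 *
 * Reads the stored password for $username. If it equals the unsalted MD5 of
 * $rawPassword, the stored value is replaced with $core->hashed($rawPassword)
 * and the attempt succeeds. Otherwise the stored value is checked with
 * password_verify().
 *
 * @param string $username    Account name to look up.
 * @param string $rawPassword Plain-text password as submitted.
 *
 * @return bool True when the submitted password matches the stored hash.
 */
final public function userValidation($username, $rawPassword)
{
    global $engine, $core;

    // NOTE(review): $username is concatenated straight into the SQL text. Confirm it is
    // escaped before it reaches this method, or move the lookup to a parameterised query
    // if the engine offers one.
    $storedPassword = $engine->result("SELECT `password` FROM `users` WHERE `username` = '" . $username . "' LIMIT 1");

    // No row, or nothing usable stored: there is no hash to compare against.
    if (!is_string($storedPassword) || $storedPassword === '') {
        return false;
    }

    // hash_equals() compares the strings byte for byte. A loose `==` compares two
    // numeric-looking hex digests (for example ones of the form 0e<digits>) as numbers,
    // so two different MD5 values could be treated as equal.
    if (hash_equals($storedPassword, md5($rawPassword))) {
        // Legacy MD5 matched: store the new-format hash so the MD5 value is retired.
        // Presumably $core->hashed() produces a password_hash()-compatible value; confirm.
        $this->updateUser($this->getID($username), 'password', $core->hashed($rawPassword));

        return true;
    }

    return password_verify($rawPassword, $storedPassword);
}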

And replace login within class.user.php with:
PHP:
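/**
 * Handle a submitted login form.
 *
 * Does nothing unless $_POST['login'] is set. On success it starts the user's
 * session via turnOn(), records the current IP, redirects to /me and exits.
 * On failure it sets $template->form->error and returns.
 *
 * @return void
 */
final public function login()
{
    global $template, $_CONFIG;

    if (!isset($_POST['login'])) {
        return;
    }

    $template->form->setData();
    unset($template->form->error);

    $username = $template->form->log_username;

    if (!$this->nameTaken($username)) {
        // NOTE(review): this message and 'Details do not match' let a client tell
        // whether an account name exists; consider one shared message for both.
        $template->form->error = 'Username does not exist';
        return;
    }

    // Both checks must pass. The previous `||` let the login continue when only one of
    // the account and the client IP was banned.
    $notBanned = $this->isBanned($username) == false
        && $this->isBanned($_SERVER['REMOTE_ADDR']) == false;

    if (!$notBanned) {
        $template->form->error = 'Sorry, it appears this user is banned<br />';
        // The reason is looked up by username only, so it may be empty for an IP-only ban.
        $template->form->error .= 'Reason: ' . $this->getReason($username);
        return;
    }

    if (!$this->userValidation($username, $template->form->log_password)) {
        $template->form->error = 'Details do not match';
        return;
    }

    // NOTE(review): no session ID regeneration is visible here; confirm turnOn() does it.
    $this->turnOn($username);
    $this->updateUser($_SESSION['user']['id'], 'ip_current', $_SERVER['REMOTE_ADDR']);
    $template->form->unsetData();
    header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
    exit;
}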

And for all the future readers, don't follow any tutorial that has the following piece of code, because it's wrong and will create a security risk.
PHP:
// Anti-pattern, shown as a warning: password_verify() takes two arguments, the submitted
// password and the stored hash. This call supplies no hash, so the password is never
// checked against what is stored for the account.
return password_verify($password);

thanks a lot for this bro it worked a treat :D
 