Reply to thread

Message

<blockquote data-quote="OMRetros" data-source="post: 390164" data-attributes="member: 52579">How can I convert password in core from MD5 to SHA1? I got a new cms that is in md5 but my user accounts are in SHA1. Help would be appreciated.New CMS (MD5/BCRYPT):[CODE]class User&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; public static function checkUser($password, $passwordDb, $username)&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if (substr($passwordDb, 0, 1) == &quot;$&quot;)&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if (password_verify($password, $passwordDb))&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return true;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return false;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; else&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if (md5($password) == $passwordDb)&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $updateUserHash = DB::Query(&quot;UPDATE users SET password = '&quot;.self::hashed($password).&quot;' WHERE username = '&quot;.filter(DB::Escape($username)).&quot;'&quot;);&nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return true;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return false;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; public static function hashed($password)&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return password_hash($password, PASSWORD_BCRYPT);&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; public static function validName($username)&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if(strlen($username) &lt;= 12 &amp;&amp; strlen($username) &gt;= 3 &amp;&amp; ctype_alnum($username))&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return true;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return false;&nbsp; &nbsp; &nbsp; &nbsp; }[/CODE]OLD CMS - SHA1:[PHP]function ValidateUser($username, $password)&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; return mysql_num_rows(dbquery(&quot;SELECT null FROM users WHERE username = '&quot; . $username . &quot;' AND password = '&quot; . $password. &quot;' LIMIT 1&quot;));&nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; function UserHash($password, $username)&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; return sha1(md5($password) . strtolower($username));&nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; function HasNewCrypto($username)&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; if(mysql_result(mysql_query(&quot;SELECT newcrypto FROM users WHERE username = '&quot; . $username . &quot;'&quot;), 0) == &quot;0&quot;)&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return true;&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; return false;&nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; function CryptoValidate($username, $password)&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; return mysql_num_rows(dbquery(&quot;SELECT null FROM users WHERE username = '&quot; . $username . &quot;' AND password = '&quot; . $password. &quot;' LIMIT 1&quot;));&nbsp; &nbsp; }&nbsp; &nbsp; [/PHP]My objective is to have the new CMS working with my old accounts securely. I do not want to be hacked and I heard md5 is not secure. Thank you!</blockquote>

[QUOTE="OMRetros, post: 390164, member: 52579"] How can I convert password in core from MD5 to SHA1? I got a new cms that is in md5 but my user accounts are in SHA1. Help would be appreciated. New CMS (MD5/BCRYPT): [CODE]class User { public static function checkUser($password, $passwordDb, $username) { if (substr($passwordDb, 0, 1) == "$") { if (password_verify($password, $passwordDb)) { return true; } return false; } else { if (md5($password) == $passwordDb) { $updateUserHash = DB::Query("UPDATE users SET password = '".self::hashed($password)."' WHERE username = '".filter(DB::Escape($username))."'"); return true; } return false; } } public static function hashed($password) { return password_hash($password, PASSWORD_BCRYPT); } public static function validName($username) { if(strlen($username) <= 12 && strlen($username) >= 3 && ctype_alnum($username)) { return true; } return false; }[/CODE] OLD CMS - SHA1: [PHP]function ValidateUser($username, $password) { return mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . $username . "' AND password = '" . $password. "' LIMIT 1")); } function UserHash($password, $username) { return sha1(md5($password) . strtolower($username)); } function HasNewCrypto($username) { if(mysql_result(mysql_query("SELECT newcrypto FROM users WHERE username = '" . $username . "'"), 0) == "0") { return true; } return false; } function CryptoValidate($username, $password) { return mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . $username . "' AND password = '" . $password. "' LIMIT 1")); } [/PHP] My objective is to have the new CMS working with my old accounts securely. I do not want to be hacked and I heard md5 is not secure. Thank you! [/QUOTE]

Verification

Reply to thread

Connect with us

Newest members