Password error RevCMS

Status
Not open for further replies.

Baloe20xd

Member
Feb 26, 2016
55
7
Just a small question ...

Does anyone know a solution for this?:

I used BrainCMS and now RevCMS, only he does not pick up the passwords anymore ... He says wrong password while I type it 100% well ... (if you log in) But it has something to do with my hash ?? How it saves the passwords or something ...

Does anyone know what I can do about it that picks the passwords again?
 

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
Change your encryption to the same that braincms used. Compare their hash to revcms and braincms encryption methods in the if statement using an OR. Then right before assigning the session, if their password was right and their password hash is equal to revcms encryption, take their inputted password and hash it for braincms encryption.

if (revHash($pass) == dbPass OR brainHash($pass) == dbPass) {
    if (revHash($pass) == dbPass) {
        [Update user's password in database to brainHash($pass)]
    }
    // login
}
 

Baloe20xd

Member
Feb 26, 2016
55
7
> Change your encryption to the same that braincms used. Compare their hash to revcms and braincms encryption methods in the if statement using an OR. Then right before assigning the session, if their password was right and their password hash is equal to revcms encryption, take their inputted password and hash it for braincms encryption.
>
> if (revHash($pass) == dbPass OR brainHash($pass) == dbPass) {
>     if (revHash($pass) == dbPass) {
>         [Update user's password in database to brainHash($pass)]
>     }
>     // login
> }

Will you be able to help me with this? Here is my class.core.php:

 

JynX

Posting Freak
Feb 6, 2016
710
438
Brain uses Bcrypt as a hash so the post Jay posted is completely irrelevant for the most part. Share your class.users.php with us and I'll take a look.
 

JynX

Posting Freak
Feb 6, 2016
710
438
class.users.php -
class.core.php -

100% credits to Wess for this because I knew he did it on a thread and I just did the changes for you. :)
 

Baloe20xd

Member
Feb 26, 2016
55
7
> class.users.php -
> class.core.php -
>
> 100% credits to Wess for this because I knew he did it on a thread and I just did the changes for you. :)

Thank you for the assistance!! Really appreciate it!
But after I have made it, does not it still work? ...
I can get 1 user from the database if you can test it?
 

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
> Brain uses Bcrypt as a hash so the post Jay posted is completely irrelevant for the most part. Share your class.users.php with us and I'll take a look.

Um, my post is not irrelevant?

I told him to look at his login method on braincms and see how it encrypts it
Look at his login method on revcms and see how it encrypts it

Try to log the user in with both encryption methods.

If login works, and the encryption is the standard revcms (which is usually just MD5 or SHA1) then take their input and hash it as Braincms and update their value

This way will protect the users who have registered since he changed his cms...

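Not fucking irrelevant, the proper way to prevent more errors.

Secondly,
The code you shared is just using MD5 which is highly insecure. Read your code before you just copy and paste.
Code:
final public function userValidation($username, $rawPassword)
{
    global $engine, $core;

    // $username is concatenated into the SQL string, so it must already be
    // escaped by the caller; a parameterised query is the safer form.
    $storedPassword = $engine->result("SELECT `password` FROM `users` WHERE `username` = '" . $username . "' LIMIT 1");

    // Legacy account: the stored value is the MD5 of the password.
    // Strict comparison (===), because == treats two "0e<digits>" hashes as equal numbers.
    if ($storedPassword === md5($rawPassword))
    {
        // Replace the MD5 value with the hash produced by $core->hashed().
        $this->updateUser($this->getID($username), 'password', $core->hashed($rawPassword));

        return true;
    }
    else
    {
        // Otherwise verify against a password_hash() style value.
        return password_verify($rawPassword, $storedPassword);
    }
}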

I would help more but I'm on my phone
 

JynX

Posting Freak
Feb 6, 2016
710
438
> Um, my post is not irrelevant?
>
> I told him to look at his login method on braincms and see how it encrypts it
> Look at his login method on revcms and see how it encrypts it
>
> Try to log the user in with both encryption methods.
>
> If login works, and the encryption is the standard revcms (which is usually just MD5 or SHA1) then take their input and hash it as Braincms and update their value
>
> This way will protect the users who have registered since he changed his cms...
>
> Not fucking irrelevant, the proper way to prevent more errors.
>
> Secondly,
> The code you shared is just using MD5 which is highly insecure. Read your code before you just copy and paste.
> Code:
> final public function userValidation($username, $rawPassword)
> {
>     global $engine, $core;
>
>     // $username is concatenated into the SQL string, so it must already be
>     // escaped by the caller; a parameterised query is the safer form.
>     $storedPassword = $engine->result("SELECT `password` FROM `users` WHERE `username` = '" . $username . "' LIMIT 1");
>
>     // Legacy account: the stored value is the MD5 of the password.
>     // Strict comparison (===), because == treats two "0e<digits>" hashes as equal numbers.
>     if ($storedPassword === md5($rawPassword))
>     {
>         // Replace the MD5 value with the hash produced by $core->hashed().
>         $this->updateUser($this->getID($username), 'password', $core->hashed($rawPassword));
>
>         return true;
>     }
>     else
>     {
>         // Otherwise verify against a password_hash() style value.
>         return password_verify($rawPassword, $storedPassword);
>     }
> }
>
> I would help more but I'm on my phone
First off, read my post next time as I clearly stated it was NOT my code. Second off it does work as if you could read, the first line checks if the password in the database matches the MD5 form of the inputted password. If it does, it returns true and updates their password with a BCRYPT form of the inputted password. If it does not match the MD5 form (meaning it's not encrypted in MD5) then it will check if it can verify it using password_verify($inputtedPassword, $storedPassword). Clearly, you don't know how to read a line of code considering that's clearly how that entire validation function works. Also, as for the irrelevant thing, my bad read your first post wrong. Either way, the function does what it should do. Maybe you should not use your phone to read code that you cannot comprehend.

Read here:
 

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
> First off, read my post next time as I clearly stated it was NOT my code. Second off it does work as if you could read, the first line checks if the password in the database matches the MD5 form of the inputted password. If it does, it returns true and updates their password with a BCRYPT form of the inputted password. If it does not match the MD5 form (meaning it's not encrypted in MD5) then it will check if it can verify it using password_verify($inputtedPassword, $storedPassword). Clearly, you don't know how to read a line of code considering that's clearly how that entire validation function works. Also, as for the irrelevant thing, my bad read your first post wrong. Either way, the function does what it should do. Maybe you should not use your phone to read code that you cannot comprehend.
>
> Read here:
I read that it wasn't your code. When I was tracing from the user class to the core class for the password verifier I think that is where I made the mistake. Like I said, on my phone, so I did misread it. However my post above was relevant and is the same thing you just posted for him to use, however mine would have required him to do the work. Thanks for citing your source
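
The login-time migration discussed in this thread, as an added example that is not code from the thread, RevCMS or BrainCMS: a legacy MD5 row is verified once and re-stored as bcrypt, while rows that already hold a `password_hash()` value go through `password_verify()`. It goes beyond the posted function by using a bound query parameter and by choosing the check from the stored hash's format; the PDO/SQLite setup, the `validateAndUpgrade` name and the `demo` account are constructed assumptions.

```php
<?php
// Added example: upgrade legacy unsalted-MD5 password rows to bcrypt at login.
// The schema, function name and demo account are constructed for illustration.

function validateAndUpgrade(PDO $db, string $username, string $rawPassword): bool
{
    // Bound parameter, so the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $stored = (string) $row['password'];

    // 'algo' is null (PHP >= 7.4) or 0 (older) when $stored is not a password_hash() value.
    $isModern = !empty(password_get_info($stored)['algo']);

    if ($isModern) {
        $ok = password_verify($rawPassword, $stored);
    } else {
        // Legacy row: constant-time, string-typed comparison against the MD5 hex digest.
        $ok = hash_equals($stored, md5($rawPassword));
    }
    if (!$ok) {
        return false;
    }

    // Re-hash legacy rows, and bcrypt rows whose cost differs from the current default.
    if (!$isModern || password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        $update = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
        $update->execute([password_hash($rawPassword, PASSWORD_BCRYPT), $row['id']]);
    }
    return true;
}

// Constructed demo: in-memory SQLite table with one account still stored as MD5.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
   ->execute(['demo', md5('correct horse')]);

var_dump(validateAndUpgrade($db, 'demo', 'wrong guess'));    // wrong password, legacy row
var_dump(validateAndUpgrade($db, 'demo', 'correct horse'));  // legacy MD5 path, row is re-hashed
$hash = $db->query("SELECT password FROM users WHERE username = 'demo'")->fetchColumn();
var_dump(password_get_info($hash)['algoName']);              // algorithm of the value now stored
var_dump(validateAndUpgrade($db, 'demo', 'correct horse'));  // same password, password_verify path
```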
 