[REVCMS] Change Password Hashing

[Diddy8000]

Hello all, I'm intergrating Radipanel into RevCMS and I decided that Radipanel's password hashing is better than RevCMS's So i wish to change RevCMS to have radipanel's hashing.

Here is radipanel's hashing:

public function encrypt( $string ) {
          
            global $vars;

            //let's md5 that salt and the string.
            $salt1  = md5( $params['core']['salt1'] );
            $salt2  = md5( $params['core']['salt2'] );
            $string = md5( $string );

            //stick them together.
            $string = $salt1 . $salt1 . $salt2 . $string . $salt2 . $salt1;

            //sha1 then md5 them again.
            $string = sha1( $string );
            $string = md5( $string );

            return $string;
      
        }

How would I change revcms's to be like that, current revcms's below:

final public function hashed($password) {
            return md5($password);
        }

@Sledmore ?

Thanks for any help

 

[Sledmore]

Use password_hash, it's a much better choice.

You must be registered for see links

However, if you want to use that just replace Revs with:

final public function hashed($password) {

//let's md5 that salt and the string.
$salt1 = md5( $params['core']['salt1'] );
$salt2 = md5( $params['core']['salt2'] );
$password= md5( $password);

//stick them together.
$password= $salt1 . $salt1 . $salt2 . $password. $salt2 . $salt1;

//sha1 then md5 them again.
$password= sha1( $password);
$password= md5( $password);

return $string;

}

Replace both:

$params['core']['salt1']
$params['core']['salt2']

With the salts.

 

[Diddy8000]

Done this and it's not working @Sledmore

final public function hashed($password) {
           
        $params['salt1']   = "e08cee1efd";
        $params['salt2']   = "fcf1945631";
       
        //let's md5 that salt and the string.
        $salt1 = md5( $params['salt1'] );
        $salt2 = md5( $params['salt2'] );
        $password= md5( $password);

        //stick them together.
        $password= $salt1 . $salt1 . $salt2 . $password. $salt2 . $salt1;

        //sha1 then md5 them again.
        $password= sha1( $password);
        $password= md5( $password);

        return $password;

        }

 

[BIOS]

Hello all, I'm intergrating Radipanel into RevCMS and I decided that Radipanel's password hashing is better than RevCMS's So i wish to change RevCMS to have radipanel's hashing.

Here is radipanel's hashing:

public function encrypt( $string ) {
         
            global $vars;

            //let's md5 that salt and the string.
            $salt1  = md5( $params['core']['salt1'] );
            $salt2  = md5( $params['core']['salt2'] );
            $string = md5( $string );

            //stick them together.
            $string = $salt1 . $salt1 . $salt2 . $string . $salt2 . $salt1;

            //sha1 then md5 them again.
            $string = sha1( $string );
            $string = md5( $string );

            return $string;
     
        }

How would I change revcms's to be like that, current revcms's below:

final public function hashed($password) {
            return md5($password);
        }

@Sledmore ?

Thanks for any help

It's not worth the trouble updating it to that as both of the algorithms used in the function aren't impenetrable and have been known to have a number of flaws.

If you still want to update the hashing then you could try PBKDF2/bcrypt or alternatively use a library for hashing.