12-22-2016, 01:07 AM
Source: https://greysec.net/showthread.php?tid=387
First up, we're gonna test your server to see how many bcrypt rounds (the cost) are suitable for it.
Download this file and place it into your root directory. Now navigate to yourforum.tld/rbieyj.php, record the result and then remove the file from your root directory again. The result should look something like this:
Create a directory inside /inc/datahandlers named bcrypt
Download this zip file and extract the contents into your freshly made bcrypt folder.
Edit bcrypt.php so that its rounds variable reflects the cost you found earlier in the tutorial.
Now for the fun parts c:
In inc/datahandlers/login.php replace:
with:
in inc/datahandlers/user.php
replace:
with:
in inc/functions_user.php
replace:
with:
replace:
with:
in member.php
replace:
with:
First up, we're gonna test your server to see how many bcrypt rounds (the cost) are suitable for it.
Download this file and place it into your root directory. Now navigate to yourforum.tld/rbieyj.php, record the result and then remove the file from your root directory again. The result should look something like this:
Code:
Appropriate Cost Found: (number)
Create a directory inside /inc/datahandlers named bcrypt
Download this zip file and extract the contents into your freshly made bcrypt folder.
Edit bcrypt.php so that its rounds variable reflects the cost you found earlier in the tutorial.
Now for the fun parts c:
In inc/datahandlers/login.php replace:
Code:
if($salted_password !== $this->login_data['password'])
{
$this->invalid_combination(true);
return false;
Code:
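// bcrypt migration for the login datahandler.
// $this->login_data['password'] is the stored hash; $user['password'] is the
// submitted plaintext (the legacy branch compares it through $salted_password,
// which is computed above this snippet). Legacy rows hold a 32-character md5
// hex hash, bcrypt hashes are longer, so the length tells the two schemes apart.
// NOTE(review): $db is assumed to be in scope here (global $db) — confirm.
// The bcrypt library is loaded once, for both branches.
include_once(dirname(__FILE__)."/bcrypt/bcrypt.php");
$hasher = new BcryptHasher;
if(strlen($this->login_data['password']) == 32) {
    // Legacy md5 hash: keep the strict comparison the original code used.
    // A loose != would compare two numeric-looking strings as numbers.
    if($salted_password !== $this->login_data['password'])
    {
        $this->invalid_combination(true);
        return false;
    }
    // Correct legacy password: transparently upgrade the stored hash to bcrypt.
    // Only users who actually log in get migrated this way.
    $sql_array = array(
        "password" => $hasher->make($user['password'])
    );
    $db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'");
} else {
    // bcrypt row: check(plaintext, stored hash)
    if(!$hasher->check($user['password'], $this->login_data['password'])) {
        $this->invalid_combination(true);
        return false;
    }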
in inc/datahandlers/user.php
replace:
Code:
// MD5 the password
$user['md5password'] = md5($user['password']);
// Generate our salt
$user['salt'] = generate_salt();
// Combine the password and salt
$user['saltedpw'] = salt_password($user['md5password'], $user['salt']);
with:
Code:
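// bcrypt migration for the user datahandler: the md5+salt scheme is no longer
// used for new passwords. The users.salt column is still written because legacy
// rows (and the login fallback for 32-character hashes) rely on it, but bcrypt
// embeds its own salt, so this value does not feed the new hash. generate_salt()
// is what the original code used here; a fixed marker string is not needed.
$user['salt'] = generate_salt();
// NOTE(review): make sure the users.password column is wide enough for a
// 60-character bcrypt hash before deploying this.
include_once(dirname(__FILE__)."/bcrypt/bcrypt.php");
$hasher = new BcryptHasher;
$user['saltedpw'] = $hasher->make($user['password']);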
in inc/functions_user.php
replace:
Code:
if(salt_password(md5($password), $user['salt']) === $user['password'])
{
return $user;
}
else
{
return false;
with:
Code:
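// bcrypt migration for validating a password against a user row.
// $user['password'] is the stored hash, $password the submitted plaintext.
// NOTE(review): $db is assumed to be in scope here (global $db) — confirm.
// The bcrypt library is loaded once, for both branches.
include_once(dirname(__FILE__)."/datahandlers/bcrypt/bcrypt.php");
$hasher = new BcryptHasher;
if(strlen($user['password']) == 32) {
    // Legacy md5 hash: keep the strict === comparison the original code used.
    // A loose == would compare two numeric-looking strings as numbers.
    if(salt_password(md5($password), $user['salt']) !== $user['password'])
    {
        return false;
    }
    // Correct legacy password: upgrade the stored hash to bcrypt.
    // update_password() is deliberately not used here — after this tutorial it
    // bcrypt-hashes its argument itself, which would double-hash this value.
    $user['password'] = $hasher->make($password);
    $sql_array = array(
        "password" => $user['password']
    );
    $db->update_query("users", $sql_array, "uid = '{$user['uid']}'");
    return $user;
} else {
    // This is a plain function, not a datahandler: the original code here
    // returned false directly and there is no $this to call
    // invalid_combination() on.
    if(!$hasher->check($password, $user['password'])) {
        return false;
    } else {
        return $user;
    }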
replace:
Code:
$saltedpw = salt_password($password, $salt);
with:
Code:
// bcrypt replaces the old salt_password() scheme. $salt is still accepted for
// compatibility with existing callers, but bcrypt derives its own salt, so it
// is not used for the hash. NOTE(review): every caller must now pass the
// plaintext password (see the member.php change); a caller still passing
// md5($password) would store bcrypt(md5) and that user would likely no longer
// be able to log in — confirm all callers.
$bcrypt_lib = dirname(__FILE__)."/datahandlers/bcrypt/bcrypt.php";
include_once($bcrypt_lib);
$bcrypt = new BcryptHasher();
$saltedpw = $bcrypt->make($password);
in member.php
replace:
Code:
$logindetails = update_password($user['uid'], md5($password), $user['salt']);
with:
Code:
// update_password() now bcrypt-hashes its second argument itself (see the
// inc/functions_user.php change), so the plaintext $password is passed here
// instead of md5($password); $user['salt'] is kept only for the salt column.
$logindetails = update_password($user['uid'], $password, $user['salt']);