MD5

2 posts by 2 authors in: Forums > CMS Builder
Last Post: November 6, 2008   (RSS)

Re: [sykomac] MD5

By Dave - November 6, 2008

Hi sykomac,

CMS Builder doesn't support storing passwords internally as MD5 checksums.

If you're comfortable with PHP code, you can try to modify it to do that by doing the following:

- Open /cmsAdmin/lib/admin_functions.php
- Save a backup copy of this file
- Search for: $currentUser['password'] (around line 563)
- Replace this line:

$isValidLogin = $currentUser && (md5($currentUser['password']) == $passwordHash) && !$currentUser['isExpired'] && !$currentUser['disabled'];

With this (changes in red):

$isValidPassword = md5($currentUser['password']) == $passwordHash || $currentUser['password'] == $passwordHash;
$isValidLogin = $currentUser && $isValidPassword && !$currentUser['isExpired'] && !$currentUser['disabled'];

Note that this will break other things, such as password reminders will no longer work because they won't be able to send a plaintext password to the user since it won't be stored anywhere. So you'd want to hide or disable that feature as well.

Hope that helps!
Dave Edis - Senior Developer
interactivetools.com