MD5
2 posts by 2 authors in: Forums > CMS Builder
Last Post: November 6, 2008 (RSS)
By sykomac - November 6, 2008
I am about to import a user database that was created by someone else into my website. However, he has md5 encrypted the passwords. Therefore, when people login to the admin area, I need to md5 encrypt their password before it seaches the user database in order for them to log in. Where and what should I change in order to accompllish this?
Thanks,
Paul
Thanks,
Paul
Re: [sykomac] MD5
By Dave - November 6, 2008
Hi sykomac,
CMS Builder doesn't support storing passwords internally as MD5 checksums.
If you're comfortable with PHP code, you can try to modify it to do that by doing the following:
- Open /cmsAdmin/lib/admin_functions.php
- Save a backup copy of this file
- Search for: $currentUser['password'] (around line 563)
- Replace this line:
$isValidLogin = $currentUser && (md5($currentUser['password']) == $passwordHash) && !$currentUser['isExpired'] && !$currentUser['disabled'];
With this (changes in red):
$isValidPassword = md5($currentUser['password']) == $passwordHash || $currentUser['password'] == $passwordHash;
$isValidLogin = $currentUser && $isValidPassword && !$currentUser['isExpired'] && !$currentUser['disabled'];
Note that this will break other things, such as password reminders will no longer work because they won't be able to send a plaintext password to the user since it won't be stored anywhere. So you'd want to hide or disable that feature as well.
Hope that helps!
CMS Builder doesn't support storing passwords internally as MD5 checksums.
If you're comfortable with PHP code, you can try to modify it to do that by doing the following:
- Open /cmsAdmin/lib/admin_functions.php
- Save a backup copy of this file
- Search for: $currentUser['password'] (around line 563)
- Replace this line:
$isValidLogin = $currentUser && (md5($currentUser['password']) == $passwordHash) && !$currentUser['isExpired'] && !$currentUser['disabled'];
With this (changes in red):
$isValidPassword = md5($currentUser['password']) == $passwordHash || $currentUser['password'] == $passwordHash;
$isValidLogin = $currentUser && $isValidPassword && !$currentUser['isExpired'] && !$currentUser['disabled'];
Note that this will break other things, such as password reminders will no longer work because they won't be able to send a plaintext password to the user since it won't be stored anywhere. So you'd want to hide or disable that feature as well.
Hope that helps!
Dave Edis - Senior Developer
interactivetools.com
interactivetools.com