MD5Hack
I needed a way to change the way BoltWire used passwords on the system. By default (as of 3.11), it used crypt with DES.
I wanted to use an MD5 hash instead.
I was able to do this by adding a new function called BOLTXencode into the commands.php file like:
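function BOLTXencode($value, $field) {
    ## FUNCTION ENCODES A VALUE USING THE METHOD OF ENCRYPTION SET IN SITE.CONFIG.
    ## $field is accepted so the call sites keep their two-argument form; it is not used here.
    global $pageLink, $BOLTarray, $msg, $BOLTid, $BOLTmember, $BOLTfieldKey;
    $BOLTcrypt = BOLTconfig('BOLTcrypt');          // site-wide salt string
    $BOLTcryptType = BOLTconfig('BOLTcryptType');  // "md5" selects the MD5 branch
    if ($BOLTcryptType == "md5") {
        // MD5 of the value with the site salt appended
        $return = md5($value.$BOLTcrypt);
    } else {
        // default behaviour: crypt() with the site salt
        $return = crypt($value,$BOLTcrypt);
    }
    return $return;
}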
Change two functions in commands.php to use it instead of crypt.
BOLTXlogin
Change line:
    if ((($pass1 == $pass2 || $pass1 == crypt($pass2, $BOLTcrypt)) && ($pass1 != '')) || ($value == 'auto' )){
Look for the word crypt and change to:
    if ((($pass1 == $pass2 || $pass1 == BOLTXencode($pass2, $BOLTcrypt)) && ($pass1 != '')) || ($value == 'auto' )){
BOLTXregister
Change line:
    if ($BOLTarray['loginfmt'] != "plaintext") $BOLTarray['password'] = crypt($BOLTarray['password'], $BOLTcrypt);
Look for the word crypt and change to:
    if ($BOLTarray['loginfmt'] != "plaintext") $BOLTarray['password'] = BOLTXencode($BOLTarray['password'], $BOLTcrypt);
Change site.config
You need to add a new variable to site.config called cryptType like:
    cryptType: md5
Passwords
Of course you have to change the stored passwords in the login.USER files so that they are now in md5 format instead of crypt format. To do that, you need to know what the passwords are.
I've not yet looked at the password change stuff to change that as well to use whatever setting is in site.conf.
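The need to know every existing password can be avoided by verifying each login against whatever format is stored and replacing the hash at that moment; because a single salted md5() is cheap to guess against, this example upgrades to PHP's built-in password_hash() instead of MD5. It is an added example, not BoltWire code or the author's: the functions hash_scheme, verify_password and check_login are hypothetical names, and the salt and accounts are constructed sample data.

```php
<?php
// Added example, not BoltWire code. Function names are hypothetical.

// Classify a stored hash by its shape so every legacy format can still be checked.
function hash_scheme(string $stored): string {
    if (!empty(password_get_info($stored)['algo'])) return 'modern'; // password_hash() output
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) return 'md5';       // 32 hex characters
    return 'crypt';                                                  // anything else: crypt()
}

// Verify an attempt against the stored value; hash_equals() compares in constant time.
function verify_password(string $plain, string $stored, string $salt): bool {
    switch (hash_scheme($stored)) {
        case 'modern': return password_verify($plain, $stored);
        case 'md5':    return hash_equals($stored, md5($plain . $salt));
        default:       return hash_equals($stored, (string) crypt($plain, $salt));
    }
}

// Returns [login ok?, replacement hash or null]. A replacement is produced only
// after a successful login, when the stored hash is legacy or its cost is outdated.
function check_login(string $plain, string $stored, string $salt): array {
    if (!verify_password($plain, $stored, $salt)) return [false, null];
    $stale = hash_scheme($stored) !== 'modern'
          || password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [true, $stale ? password_hash($plain, PASSWORD_DEFAULT) : null];
}

// Constructed sample data: a site salt and one account in each legacy format.
$salt = 'boltcrypt';
$accounts = [
    'alice' => md5('correct horse' . $salt),
    'bob'   => crypt('hunter2', $salt),
];
$attempts = [['alice', 'correct horse'], ['bob', 'hunter2'], ['bob', 'wrong']];
foreach ($attempts as [$user, $attempt]) {
    [$ok, $new] = check_login($attempt, $accounts[$user], $salt);
    if ($new !== null) $accounts[$user] = $new; // caller writes this back to the member record
    printf("%s: %s, stored scheme is now %s\n",
        $user, $ok ? 'ok' : 'denied', hash_scheme($accounts[$user]));
}
```

Accounts that never log in keep their old hash, so a site using this approach still needs a policy for them, such as forcing a password reset after a cutoff date.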
PHP Script to output md5 passwords
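You can use something like below to get the md5 hash for passwords that you know...
<?php
echo '<html><body>';
if (isset($_GET['pp'])) {
    // Append the site salt, then hash, matching md5($value.$BOLTcrypt) above
    $passwd = $_GET['pp'] . 'boltcrypt';
    $md5_pass = md5($passwd);
    // Escape the submitted value before echoing it back into the page
    echo '<div style="font-family: monospace;">
<p>Password: ' . htmlspecialchars($passwd, ENT_QUOTES, 'UTF-8') . '</p>
<p>MD5: [' . $md5_pass . ']</p>
</div>';
}
// PHP_SELF is taken from the request URL, so escape it as well
echo '
<form method="get" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">
<input type="text" name="pp" value=""/>
<input type="submit" value="Encode"/>
</form>
<div style="font-size: 110%">
This is NOT a secure script
</div>
</body></html>
';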


