The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/printthread.php 16 require_once
Warning [2] Undefined property: MyLanguage::$archive_pages - Line: 2 - File: printthread.php(287) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/printthread.php(287) : eval()'d code 2 errorHandler->error
/printthread.php 287 eval
/printthread.php 117 printthread_multipage



UserSpice
MD5 password Login - Printable Version

+- UserSpice (https://userspice.com/forums)
+-- Forum: Support Center (https://userspice.com/forums/forumdisplay.php?fid=23)
+--- Forum: UserSpice 4.3 and Below (https://userspice.com/forums/forumdisplay.php?fid=26)
+--- Thread: MD5 password Login (/showthread.php?tid=530)

Pages: 1 2 3

MD5 password Login - mudmin - 04-17-2017

Oops. Found a bug in user_settings.php.

Use this one...
https://hastebin.com/itifiludiw.xml

MD5 password Login - mudmin - 04-17-2017

I updated the md5.zip with the bug fix if anyone else tries this in the future.


MD5 password Login - Jamie - 04-17-2017

Don't worry I will be, and I'll test it extremely shortly, thank you so much.

MD5 password Login - Jamie - 04-17-2017

Hey!
Just started testing this and it works fine, I can't seem to get admin_users.php to work though, comes up with a HTTP ERROR 500.

MD5 password Login - dan - 04-17-2017

Do you have an HT access file? That is almost always what causes that. try renaming it to something else and seeing if the problem goes away

MD5 password Login - Jamie - 04-17-2017

Nginx so htaccess don't work

MD5 password Login - mudmin - 04-17-2017

Sorry about that. Here's a patch for admin_users.php

https://hastebin.com/eromubikas.xml

MD5 password Login - Brandin - 04-17-2017

I'm understanding this deploy, but I think your best option (obviously your choice to do this or not) is to create a notice indicating "If you've never logged in before" or whatever, go here, when they do, type in email, username, etc your choice and then on that custom page, have a box to enter their password, on post md5 and check it against the drop you have in the DB, and then if it validates the md5 hash, ask them to change their password, or keep it the same, (reenter it) and it will bcrypt it.

Hopefully that makes sense, I am strongly with mudmin on the security risk of doing this though. You would definitely be in your best interest to get your users passwords changed asap to work with the systems normal functionality.

The problem with modifying the core files of UserSpice is updates. I have to manually publish each update to my system and code edit every file (for the most part) because I made changes I shouldn't have and I'm too lazy to move them elsewhere like I should have.

Best of luck with your project!

MD5 password Login - Jamie - 04-18-2017

Hi thanks for that mudmmin,

Is there any important updates from the latest release that I may need? I've just about got everything fully functional with minor edits being made to accommodate my database so was wondering if any crucial things on the newest update are needed?

MD5 password Login - mudmin - 04-18-2017

You don't really need those changes. They are basically just telling people what the limits are for max/min password length and enforcing them.

Basically you'll have to look at updates that use those few files and decide if you care about those features/fixes.