The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
MD5 password Login
#11
Oops. Found a bug in user_settings.php.

Use this one...
https://hastebin.com/itifiludiw.xml
  Reply
#12
I updated the md5.zip with the bug fix if anyone else tries this in the future.
  Reply
#13
Don't worry I will be, and I'll test it extremely shortly, thank you so much.
  Reply
#14
Hey!
Just started testing this and it works fine, I can't seem to get admin_users.php to work though, comes up with a HTTP ERROR 500.
  Reply
#15
Do you have an HT access file? That is almost always what causes that. try renaming it to something else and seeing if the problem goes away
  Reply
#16
Nginx so htaccess don't work
  Reply
#17
Sorry about that. Here's a patch for admin_users.php

https://hastebin.com/eromubikas.xml
  Reply
#18
I'm understanding this deploy, but I think your best option (obviously your choice to do this or not) is to create a notice indicating "If you've never logged in before" or whatever, go here, when they do, type in email, username, etc your choice and then on that custom page, have a box to enter their password, on post md5 and check it against the drop you have in the DB, and then if it validates the md5 hash, ask them to change their password, or keep it the same, (reenter it) and it will bcrypt it.

Hopefully that makes sense, I am strongly with mudmin on the security risk of doing this though. You would definitely be in your best interest to get your users passwords changed asap to work with the systems normal functionality.

The problem with modifying the core files of UserSpice is updates. I have to manually publish each update to my system and code edit every file (for the most part) because I made changes I shouldn't have and I'm too lazy to move them elsewhere like I should have.

Best of luck with your project!
  Reply
#19
Hi thanks for that mudmmin,

Is there any important updates from the latest release that I may need? I've just about got everything fully functional with minor edits being made to accommodate my database so was wondering if any crucial things on the newest update are needed?
  Reply
#20
You don't really need those changes. They are basically just telling people what the limits are for max/min password length and enforcing them.

Basically you'll have to look at updates that use those few files and decide if you care about those features/fixes.
  Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)