Proper Crypt Mod
Version: 0.1 Alpha (proof of concept)
Author: GodFarmer
This is a mod to make the way crypt is used for encrypting passwords more secure.
Check my endless efforts in convincing the YaBB SE team of this for more info:
http://www.yabbse.org/community/index.php?board=142;action=display;threadid=16428
What it does:
Uses the crypt function as described in the PHP manual. This has the effect that password verification is backwards compatible for passwords stored by the old procedure. When storing new passwords, what PHP considers as the default encryption type is used (probably MD5 on new systems) with a random salt.
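The verification idea described above, as an added example (not part of the mod or of YaBB SE): passing the stored hash back to crypt() as the salt lets one check cover both old and new hashes. It also shows why the old scheme is weak: traditional DES crypt output begins with its two-character salt, so the first two characters of every password sit in the database in clear. The function names and the sample password are constructed; the explicit MD5-crypt salt and the use of hash_equals() are assumptions made so the code runs on PHP 8, where crypt() requires its salt argument.

```php
<?php
// Added example, not YaBB SE code. Function names and sample password are constructed.

// Old scheme from the <search> lines: salt = first two characters of the password.
function legacy_hash(string $password): string
{
    return crypt($password, substr($password, 0, 2));
}

// New-password storage. The mod calls crypt($password) and lets PHP pick the
// algorithm and salt; this sketch builds a random MD5-crypt salt
// ("$1$" + 8 characters + "$") explicitly, which is an assumption.
function new_hash(string $password): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 8; $i++) {
        $salt .= $alphabet[random_int(0, 63)];
    }
    return crypt($password, '$1$' . $salt . '$');
}

// Verification as in the <replace> lines: the stored hash is passed as the salt.
// crypt() reads the algorithm and salt from its prefix, so the same call
// handles a legacy DES hash and a new salted hash.
function verify(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

$password = 'correct horse';
$old = legacy_hash($password);
$new = new_hash($password);

// Does the legacy hash start with the password's own first two characters?
var_dump(substr($old, 0, 2) === substr($password, 0, 2));
// Does the right password verify against the old-format and new-format hashes?
var_dump(verify($password, $old), verify($password, $new));
// Is a wrong password rejected?
var_dump(verify('wrong guess', $new));
// Does hashing the same password twice give different stored values?
var_dump(new_hash($password) !== $new);
```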
modification.mod:
<file>
Reminder.php
</file>
<search>
$cryptpassword = crypt($password,substr($password,0,2));
</search>
<replace>
$cryptpassword = crypt($password);
</replace>
<file>
Sources/LogInOut.php
</file>
<search>
$passwrd = crypt($passwrd, substr($passwrd, 0, 2));
if (mysql_num_rows($request) == 0)
fatal_error($txt[40] . ' - ' . htmlspecialchars($user) . ': ' . htmlspecialchars($attempt));
else
{
$settings = mysql_fetch_row($request);
</search>
<replace>
if (mysql_num_rows($request) == 0)
fatal_error($txt[40] . ' - ' . htmlspecialchars($user) . ': ' . htmlspecialchars($attempt));
else
{
$settings = mysql_fetch_row($request);
$passwrd = crypt($passwrd, $settings[0]);
</replace>
<file>
Sources/Profile.php
</file>
<search>
if ($settings[0] != crypt($member['oldpasswrd'], substr($member['oldpasswrd'], 0, 2)))
</search>
<replace>
if ($settings[0] != crypt($member['oldpasswrd'], $settings[0]))
</replace>
<search>
$queryPasswdPart="passwd='" . crypt($member['passwrd1'], substr($member['passwrd1'], 0, 2)) . "',";
</search>
<replace>
$queryPasswdPart="passwd='" . crypt($member['passwrd1']) . "',";
</replace>
<search>
$queryPasswdPart = "passwd='" . crypt($pswd, substr($pswd, 0, 2)) . "'";
</search>
<replace>
$queryPasswdPart = "passwd='" . crypt($pswd) . "'";
</replace>
<file>
Sources/Register.php
</file>
<search>
$queryPasswdPart = crypt($member['passwrd1'], substr($member['passwrd1'], 0, 2));
</search>
<replace>
$queryPasswdPart = crypt($member['passwrd1']);
</replace>
modification.txt:
Proper Crypt Mod
0.1 Alpha
Author: GodFarmer
This is a mod to make the way crypt is used for encrypting passwords more secure.
See my endless efforts in convincing the YaBB SE team of this for more info:
http://www.yabbse.org/community/index.php?board=142;action=display;threadid=16428
What it does:
Uses the crypt function as described in the PHP manual. This has the effect that
password verification is backwards compatible for passwords stored by the old
procedure. When storing new passwords, what PHP considers as the default encryption
type is used (probably MD5 on new systems) with a random salt.