PC & IT SUPPORT MADE EASY FORUM
Would you like to react to this message? Create an account in a few clicks or log in to continue.

UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS

Go down

UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS Empty UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS

Post by jamied_uk 10th July 2013, 21:21


https://app.box.com/s/tsgpakkja4wcfwt5wbbi




Code:
PLEASE NOTE: THIS IS FOR WI2 BUT CAN BE USED ON ANY SYSTEM BUT THE $VARS MAYBE DIFFERENT!
MORE NOTES: USE AT YOUR OWN RISK ALWAYS BACKUP ALL FILES YOU PLAN TO EDIT JUST IN CASE THEN IF HAPPY BACKUP AGAIN!


the first thing you should do is make sure the password field, and temporary password fields (in useroptions)  has at least 255 chars in structure you can edit this password field for this.


Next step...


Now open your functions.php file (included here) and edit the salt, (never change salt while in use).


now make sure you include the functions.php file on login, register / signup pages, and change password pages.



ok now to upgrade from md5 to sha512


Inside your register / signup page you need to comment out your old md5 and put this line in its place uncommented of course)


$p_hash = sha512($p);[/font][/color][/center]


inside your login page you will need to put this in place of the old md5 line (use search to find it)


$p = sha512($_POST['p']);

(i have made all vars now $p even in the test file so that it works and also added a for loop in functions 512 so that rounds can be introduced


now all that remains is the change password page needs the same editing (similar to register / signup pages)


i will assume you know now how to do this but any problems look for md5 in your change password file, and reset password file (normally something like forgot_password.php)



once found the line md5 in these old pages, you should comment out that line (md5)  after copying it into clipboard



and than change md5 to sha512.


last notes you may already have members in your system using md5 the best way from md5 to sha512 (without being able to un-encrypt the old md5 stored hash to then re encrypt to the sha512).[/font][/color][/center]

use the test page to generate new sha512 password(s) for your admins to be able to login.[/font][/color][/center]

The only way for your current members is to use a reset password page, hopefully you have one and have included the functions.php page and edited it to work with the sha512, this will enable current members to gain access via there email address with a link.[/font][/color][/center]

so before doing this it is good practice to send an email to all your current members letting them know if they should have any issues with logging in, they should click forgot password to create a new password for this upgrade.[/font][/color][/center]


OK THANKS FOR READING THE NOTES YOU MAY NOW SEE THE ACTUAL FILES THAT WILL HELP YOU. FILES ARE ATTACHED AND BY DOWNLOADING THIS FILE YOU AGREE THAT IT IS TO BE USED AT YOUR OWN RISK, AND ALSO THAT YOU HAVE READ ALL THE INSTRUCTIONS.[/font][/color][/center]


Link to this file can also be found on the following link:

https://app.box.com/s/2fjel1w7trwb26aukak8



New Updated functions


Code:
function hash512($p = NULL, $rounds = 2503
) {
    if (!isset($p)) throw new Exception('No password set!');

    $salt   = 'NIUGNIU45TNRTGIUGH9I56hy56hy56HUHVUHJ5NT54TJNIOIIIIFD98VGE4NENIU5456h5hth56h5$1^>%>W[=4U5*p|E';
    $pepper = '08[)^,&%^^771^=>&,E[XP::4})h*INIUGNIU45TNRTGIUGH9IGT45g566G67R45HB4378YHGT45^&&%^%^^%%^%$^6gh45';
    $dinner = $salt . $p . $pepper;

    for ($i = 0; $i < $rounds; $i++) {
        $dinner = hash('sha512', $dinner . $p);
    }
    return $dinner;
}

Attachments
UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS Attachment
UPGRADE_MD5_TO_SHA512.zip Files for this secuirty Upgrade from MD5 TO SHA512You don't have permission to download attachments.(12 Kb) Downloaded 0 times


Last edited by jamied_uk on 26th October 2013, 16:36; edited 1 time in total
jamied_uk
jamied_uk
Admin

Posts : 2942
Join date : 2010-05-09
Age : 41
Location : UK

https://jnet.sytes.net

Back to top Go down

UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS Empty Re: UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS

Post by jamied_uk 5th August 2013, 21:28

For a box.com link to this upgrade you can visit https://app.box.com/s/bqphxs9siqwgb6va3bye
jamied_uk
jamied_uk
Admin

Posts : 2942
Join date : 2010-05-09
Age : 41
Location : UK

https://jnet.sytes.net

Back to top Go down

UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS Empty Re: UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS

Post by jamied_uk 10th August 2013, 19:09

if you get any errors make sure the function names in functions.php are named correctly, for example if its named sha512 rename to hash512.


also if you have any other errors comment out hash 1024 functions in functions.php file as this is experimental and may not work online but will not give errors on a localhost server.
jamied_uk
jamied_uk
Admin

Posts : 2942
Join date : 2010-05-09
Age : 41
Location : UK

https://jnet.sytes.net

Back to top Go down

UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS Empty Re: UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS

Post by Sponsored content


Sponsored content


Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum