UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS
Page 1 of 1
UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS
https://app.box.com/s/tsgpakkja4wcfwt5wbbi
- Code:
PLEASE NOTE: THIS IS FOR WI2 BUT CAN BE USED ON ANY SYSTEM BUT THE $VARS MAYBE DIFFERENT!
MORE NOTES: USE AT YOUR OWN RISK ALWAYS BACKUP ALL FILES YOU PLAN TO EDIT JUST IN CASE THEN IF HAPPY BACKUP AGAIN!
the first thing you should do is make sure the password field, and temporary password fields (in useroptions) has at least 255 chars in structure you can edit this password field for this.
Next step...
Now open your functions.php file (included here) and edit the salt, (never change salt while in use).
now make sure you include the functions.php file on login, register / signup pages, and change password pages.
ok now to upgrade from md5 to sha512
Inside your register / signup page you need to comment out your old md5 and put this line in its place uncommented of course)
$p_hash = sha512($p);[/font][/color][/center]
inside your login page you will need to put this in place of the old md5 line (use search to find it)
$p = sha512($_POST['p']);
(i have made all vars now $p even in the test file so that it works and also added a for loop in functions 512 so that rounds can be introduced
now all that remains is the change password page needs the same editing (similar to register / signup pages)
i will assume you know now how to do this but any problems look for md5 in your change password file, and reset password file (normally something like forgot_password.php)
once found the line md5 in these old pages, you should comment out that line (md5) after copying it into clipboard
and than change md5 to sha512.
last notes you may already have members in your system using md5 the best way from md5 to sha512 (without being able to un-encrypt the old md5 stored hash to then re encrypt to the sha512).[/font][/color][/center]
use the test page to generate new sha512 password(s) for your admins to be able to login.[/font][/color][/center]
The only way for your current members is to use a reset password page, hopefully you have one and have included the functions.php page and edited it to work with the sha512, this will enable current members to gain access via there email address with a link.[/font][/color][/center]
so before doing this it is good practice to send an email to all your current members letting them know if they should have any issues with logging in, they should click forgot password to create a new password for this upgrade.[/font][/color][/center]
OK THANKS FOR READING THE NOTES YOU MAY NOW SEE THE ACTUAL FILES THAT WILL HELP YOU. FILES ARE ATTACHED AND BY DOWNLOADING THIS FILE YOU AGREE THAT IT IS TO BE USED AT YOUR OWN RISK, AND ALSO THAT YOU HAVE READ ALL THE INSTRUCTIONS.[/font][/color][/center]
Link to this file can also be found on the following link:
https://app.box.com/s/2fjel1w7trwb26aukak8
New Updated functions
- Code:
function hash512($p = NULL, $rounds = 2503
) {
if (!isset($p)) throw new Exception('No password set!');
$salt = 'NIUGNIU45TNRTGIUGH9I56hy56hy56HUHVUHJ5NT54TJNIOIIIIFD98VGE4NENIU5456h5hth56h5$1^>%>W[=4U5*p|E';
$pepper = '08[)^,&%^^771^=>&,E[XP::4})h*INIUGNIU45TNRTGIUGH9IGT45g566G67R45HB4378YHGT45^&&%^%^^%%^%$^6gh45';
$dinner = $salt . $p . $pepper;
for ($i = 0; $i < $rounds; $i++) {
$dinner = hash('sha512', $dinner . $p);
}
return $dinner;
}
- Attachments
Last edited by jamied_uk on 26th October 2013, 16:36; edited 1 time in total
Re: UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS
For a box.com link to this upgrade you can visit https://app.box.com/s/bqphxs9siqwgb6va3bye
Re: UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS
if you get any errors make sure the function names in functions.php are named correctly, for example if its named sha512 rename to hash512.
also if you have any other errors comment out hash 1024 functions in functions.php file as this is experimental and may not work online but will not give errors on a localhost server.
also if you have any other errors comment out hash 1024 functions in functions.php file as this is experimental and may not work online but will not give errors on a localhost server.
Similar topics
» Freepbx Upgrading Proceedure
» LINUX MINT WITH FULL ENCRYPTION INSTRUCTIONS
» how to use php and sha512
» Linux Python Sha512 Hashing
» BASH Sha512 Password Hashing TUT
» LINUX MINT WITH FULL ENCRYPTION INSTRUCTIONS
» how to use php and sha512
» Linux Python Sha512 Hashing
» BASH Sha512 Password Hashing TUT
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|