simple hack for encryption in hesk

ashercharles
Posts: 7
Joined: Tue Feb 05, 2008 6:17 am

simple hack for encryption in hesk

Post by ashercharles »

Hi,

I desperately wanted to implement md5 cos the aliens in my office will try and drill holes... I tried on my own and it worked...



alter table hesk_users modify pass varchar(40) not null;


in admin.php line 67:
code:

/* Check password */
if ($pass != $_SESSION['pass']) {
    hd_session_stop();
    hd_error($hdlang['wrong_pass']);
}

change to:

/* Check password */
if (md5($pass) != $_SESSION['pass']) {
    hd_session_stop();
    hd_error($hdlang['wrong_pass']);
}


in profile.php line 146:
$sql = "UPDATE `hd_users` SET `name`='$_SESSION[name]',`email`='$_SESSION[email]',
`signature`='$_SESSION[signature]',`pass`='$_SESSION[pass]',`notify`='$_SESSION[notify]' WHERE `id`='$_SESSION[id]' LIMIT 1";

change to:
$sql = "UPDATE `hd_users` SET `name`='$_SESSION[name]',`email`='$_SESSION[email]',
`signature`='$_SESSION[signature]',`pass`=MD5('$_SESSION[pass]'),`notify`='$_SESSION[notify]' WHERE `id`='$_SESSION[id]' LIMIT 1";


in manage_users.php line 345:
$sql = "INSERT INTO `hd_users` (`user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`)
VALUES ('$myuser[user]','$myuser[pass]','$myuser[isadmin]','$myuser[name]',
'$myuser[email]','$myuser[signature]','$myuser[categories]')";

change to:
$sql = "INSERT INTO `hd_users` (`user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`)
VALUES ('$myuser[user]',MD5('$myuser[pass]'),'$myuser[isadmin]','$myuser[name]',
'$myuser[email]','$myuser[signature]','$myuser[categories]')";


in manage_users.php line 397:
$sql = "UPDATE `hd_users` SET `user`='$myuser[user]',`name`='$myuser[name]',`email`='$myuser[email]',
`signature`='$myuser[signature]',`pass`= '$myuser[pass]',`categories`='$myuser[categories]',
`isadmin`='$myuser[isadmin]' WHERE `id`=$myuser[id] LIMIT 1";


change to:
$sql = "UPDATE `hd_users` SET `user`='$myuser[user]',`name`='$myuser[name]',`email`='$myuser[email]',
`signature`='$myuser[signature]',`pass`=MD5('$myuser[pass]'),`categories`='$myuser[categories]',
`isadmin`='$myuser[isadmin]' WHERE `id`=$myuser[id] LIMIT 1";


Let me know if there is any trouble at all...
Klemen
Site Admin
Posts: 10135
Joined: Fri Feb 11, 2005 4:04 pm

Post by Klemen »

Thanks for sharing, I moved it into the "mods" forum.

By the way, encrypted passwords (MD5 or SHA1) will be included in the next release.
Klemen, creator of HESK and PHPJunkyard
anointeddan
Posts: 3
Joined: Thu Mar 20, 2008 1:25 am

simple hack for encryption in hesk

Post by anointeddan »

I tried the encryption and I couldn't log on to my admin page with my password. But when I reload the old admin.php I'm able to log on. Probably my password is weak. Any suggestion?
anointed Dan
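
Added example, not part of any post in this thread and not HESK code: the password check from the mod rewritten around PHP's `password_hash()` and `password_verify()`, re-hashing older rows on the first successful login. It assumes existing rows may hold either plaintext (saved before the mod) or an unsalted MD5 digest (saved by it); the function name `verify_and_upgrade()`, the in-memory SQLite table and the sample rows are constructed for illustration.

```php
<?php
// Added example, not HESK code. Table and column names follow the post;
// verify_and_upgrade() and the sample rows are constructed for illustration.

function verify_and_upgrade(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT id, pass FROM hd_users WHERE user = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $stored = (string) $row['pass'];
    $modern = password_get_info($stored)['algoName'] !== 'unknown';

    if ($modern) {
        $ok = password_verify($pass, $stored);
    } elseif (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Row written by the MD5 mod. Compare digests only; never fall back to
        // a plaintext compare here, or a leaked digest would work as a password.
        $ok = hash_equals($stored, md5($pass));
    } else {
        // Row written before the mod: still plaintext.
        $ok = hash_equals($stored, $pass);
    }

    if ($ok && (!$modern || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        // Re-store as a salted, slow hash now that the plaintext is in hand.
        $up = $db->prepare('UPDATE hd_users SET pass = ? WHERE id = ?');
        $up->execute([password_hash($pass, PASSWORD_DEFAULT), $row['id']]);
    }
    return $ok;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// bcrypt output is 60 characters, so VARCHAR(40) is too short; 255 leaves room.
$db->exec('CREATE TABLE hd_users (id INTEGER PRIMARY KEY, user TEXT, pass VARCHAR(255))');
$ins = $db->prepare('INSERT INTO hd_users (user, pass) VALUES (?, ?)');
$ins->execute(['old_plain', 'hunter2']);      // row saved before the mod
$ins->execute(['old_md5', md5('hunter2')]);   // row saved by the mod
$get = $db->prepare('SELECT pass FROM hd_users WHERE user = ?');
foreach (['old_plain', 'old_md5'] as $u) {
    var_dump(verify_and_upgrade($db, $u, 'hunter2'));  // first login migrates the row
    var_dump(verify_and_upgrade($db, $u, 'wrong'));    // wrong password
    $get->execute([$u]);
    echo $u, ' now stored as ', password_get_info($get->fetchColumn())['algoName'], "\n";
}
```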