simple hack for encryption in hesk

Posted: Wed Feb 13, 2008 9:29 am
by ashercharles
Hi,

I desperately wanted to implement md5 cos the aliens in my office will try and drill holes... I tried on my own and it worked...



alter table hesk_users modify pass varchar(40) not null;


in admin.php line 67:
code:

/* Check password */
if ($pass != $_SESSION['pass']) {
    hd_session_stop();
    hd_error($hdlang['wrong_pass']);
}



change to:
/* Check password */
if (md5($pass) != $_SESSION['pass']) {
    hd_session_stop();
    hd_error($hdlang['wrong_pass']);
}


in profile.php line 146:
$sql = "UPDATE `hd_users` SET `name`='$_SESSION[name]',`email`='$_SESSION[email]',
`signature`='$_SESSION[signature]',`pass`='$_SESSION[pass]',`notify`='$_SESSION[notify]' WHERE `id`='$_SESSION[id]' LIMIT 1";

change to:
$sql = "UPDATE `hd_users` SET `name`='$_SESSION[name]',`email`='$_SESSION[email]',
`signature`='$_SESSION[signature]',`pass`=MD5('$_SESSION[pass]'),`notify`='$_SESSION[notify]' WHERE `id`='$_SESSION[id]' LIMIT 1";


in manage_users.php line 345:
$sql = "INSERT INTO `hd_users` (`user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`)
VALUES ('$myuser[user]','$myuser[pass]','$myuser[isadmin]','$myuser[name]',
'$myuser[email]','$myuser[signature]','$myuser[categories]')";

change to:
$sql = "INSERT INTO `hd_users` (`user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`)
VALUES ('$myuser[user]',MD5('$myuser[pass]'),'$myuser[isadmin]','$myuser[name]',
'$myuser[email]','$myuser[signature]','$myuser[categories]')";


in manage_users.php line 397:
$sql = "UPDATE `hd_users` SET `user`='$myuser[user]',`name`='$myuser[name]',`email`='$myuser[email]',
`signature`='$myuser[signature]',`pass`= '$myuser[pass]',`categories`='$myuser[categories]',
`isadmin`='$myuser[isadmin]' WHERE `id`=$myuser[id] LIMIT 1";


change to:
$sql = "UPDATE `hd_users` SET `user`='$myuser[user]',`name`='$myuser[name]',`email`='$myuser[email]',
`signature`='$myuser[signature]',`pass`=MD5('$myuser[pass]'),`categories`='$myuser[categories]',
`isadmin`='$myuser[isadmin]' WHERE `id`=$myuser[id] LIMIT 1";


Let me know if there is any trouble at all...

Posted: Wed Feb 13, 2008 2:57 pm
by Klemen
Thanks for sharing, I moved it into the "mods" forum.

By the way, encrypted passwords (MD5 or SHA1) will be included in the next release.

Posted: Thu Mar 20, 2008 1:38 am
by anointeddan
I tried the encryption and I couldn't log on to my admin page with my password. But when I reload the old admin.php I'm able to log on. Probably my password is weak. Any suggestion?
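
A change like the one in this thread leaves the table in mixed states: rows saved before the mod hold plaintext, and rows saved after it hold unsalted MD5 digests. The following is an added example, not code from any post in this thread or from HESK, showing a login check that accepts all three states and moves each row to PHP's password_hash() on the next successful login; the helper name, the sample password and the widened `pass` column are assumptions.

```php
<?php
// Added example, not HESK code. verify_and_upgrade() is a hypothetical helper.
// Assumption: the `pass` column has been widened (e.g. VARCHAR(255)), because
// password_hash() output is longer than the 40 characters set in the mod.

/**
 * Check $input against a stored value in any of three states:
 *   - a password_hash() string (salted, slow by design)
 *   - a 32-character MD5 hex digest, as written by MD5('...') in the mod
 *   - plaintext left over from before the mod
 * Returns [bool $ok, ?string $newHash]; $newHash is set when the row
 * should be rewritten with a password_hash() value.
 */
function verify_and_upgrade(string $input, string $stored): array
{
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        $ok = password_verify($input, $stored);
        $upgrade = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    } elseif (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Treated as an MD5 digest, never as plaintext, so a leaked digest
        // cannot be typed in as the password. A plaintext password that is
        // itself 32 hex characters would need a manual reset.
        $ok = hash_equals($stored, md5($input));
        $upgrade = $ok;
    } else {
        $ok = hash_equals($stored, $input);
        $upgrade = $ok;
    }
    return [$ok, $upgrade ? password_hash($input, PASSWORD_DEFAULT) : null];
}

// Constructed sample rows, one per storage state; 'hunter2' is a made-up password.
$rows = [
    'plaintext' => 'hunter2',
    'md5'       => md5('hunter2'),
    'modern'    => password_hash('hunter2', PASSWORD_DEFAULT),
];

foreach ($rows as $state => $stored) {
    [$ok, $newHash] = verify_and_upgrade('hunter2', $stored);
    [$bad] = verify_and_upgrade('wrong-guess', $stored);
    printf("%-9s correct=%s wrong=%s rewrite=%s\n", $state,
        var_export($ok, true), var_export($bad, true),
        $newHash === null ? 'no' : 'yes');
    // When $newHash is set, write it back with a bound parameter, e.g.
    // UPDATE hd_users SET pass = ? WHERE id = ?
}
```

Hashing in PHP and binding the result as a parameter also keeps the password out of the SQL text, unlike the interpolated MD5('...') calls in the queries above.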