PostNuke

Flexible Content Management System

News




MD5 crypt will break your login password


If you use a non-DES crypt as your default crypt, PHP will use it. But PostNuke is hardcoded to use a 2-char salt (aka DES salt), so you will be unable to log in as any user. MD5 uses a 12-char salt. PHP sets a constant for the salt length, and it should be used instead of a hardcoded value.





The fix is trivial:





In user.php, replace:





$pass=crypt($pass,substr($dbpass,0,2));





with:





$pass=crypt($pass,substr($dbpass,0,CRYPT_SALT_LENGTH));








P.S. PhpNuke also suffers from this I believe.
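The failure and the fix described above, shown side by side as an added example (not PostNuke's code). The function names, sample password and salts are constructed for illustration; the third check goes beyond the post by passing the whole stored hash as the salt, which crypt() accepts and which does not depend on any length constant.

```php
<?php
// Added example, not PostNuke code. All names and sample values are constructed.

// Original check: assumes the salt is the first 2 characters (true for DES only).
function check_hardcoded(string $pass, string $dbpass): bool
{
    return hash_equals($dbpass, (string) crypt($pass, substr($dbpass, 0, 2)));
}

// Fix from the post: take the salt length from PHP's own constant.
function check_salt_length(string $pass, string $dbpass): bool
{
    $salt = substr($dbpass, 0, CRYPT_SALT_LENGTH);
    return hash_equals($dbpass, (string) crypt($pass, $salt));
}

// Alternative: hand crypt() the full stored hash; it extracts the
// algorithm prefix and salt itself, whatever scheme produced the hash.
function check_full_hash(string $pass, string $dbpass): bool
{
    return hash_equals($dbpass, (string) crypt($pass, $dbpass));
}

$password = 'constructed-example-password';

// Stored hashes as they would sit in the users table (constructed salts).
$stored = [
    'DES' => crypt($password, 'ab'),            // 2-char salt
    'MD5' => crypt($password, '$1$abcdefgh$'),  // "$1$" + 8 chars + "$" = 12
];

foreach ($stored as $scheme => $dbpass) {
    printf(
        "%s  hardcoded(2)=%s  CRYPT_SALT_LENGTH=%s  full-hash=%s\n",
        $scheme,
        var_export(check_hardcoded($password, $dbpass), true),
        var_export(check_salt_length($password, $dbpass), true),
        var_export(check_full_hash($password, $dbpass), true)
    );
}
```

The hardcoded check only succeeds for the DES hash: with the MD5 hash, `substr($dbpass,0,2)` yields `$1`, which is neither a valid DES salt nor a complete MD5 salt, so the recomputed value never matches the stored one.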







