Member:
Markus ⋅
Date: September 6, 2011, 02:40 AM
⋅ Subject: "Re: login share integration"
Below is how it seems to be in the version that I have here. I wonder what the heck the md5 is doing there inside the sha1, it just narrows the potentially available hash-pool by eight characters (as 32 vs. 40 chr.). I believe we first used md5 and then upgraded to sha1, and that's one of those countless loose ends I never had time to return to, for other Wiccle priorities that kept emerging until Dec'10 for me.
/core/class_global.php
static function hash_password($pwd, $hash)
{
return sha1(md5($pwd, $hash));
}
/core/ajax/members.php
$hash = Elements::make_hash();
$pass = Utility::hash_password($_POST['member_password'], $hash);
/core/class_elements.php
static function make_hash($seed="")
{
/* Stored under posts.post_hash for ajax reference */
/* Any random string into md5/sha1 mash */
$hash = sha1($seed.date("r").mt_rand());
return $hash;
}
See those files and surrounding code for more. "Remember" cookies are also handled somewhere around there.
If people are lost in the jungles here, I am available for consultation at my regular hourly rate at 80€/h. Regret that I have had to rise it due to now chronic back problems, treatments thereof etc. that come with the code and need to be paid for. I do not work for Wiccle Ltd, nor do I currently have time (neither interest) to invest myself into providing free support; plenty of that done already.
It's a familiar field all the same, and there are dozens of fairly obvious questions here that seem to be going unanswered for months on end... so codesatori@gmail.com is the address for those who need their pending solutions enough to want to pay up a fair price for premium code/advice and working resolutions to all these software troubles.
