UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS

View previous topic View next topic Go down

UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS

Post by jamied_uk on 10th July 2013, 21:21


https://app.box.com/s/tsgpakkja4wcfwt5wbbi




Code:
PLEASE NOTE: THIS IS FOR WI2 BUT CAN BE USED ON ANY SYSTEM BUT THE $VARS MAYBE DIFFERENT!
MORE NOTES: USE AT YOUR OWN RISK ALWAYS BACKUP ALL FILES YOU PLAN TO EDIT JUST IN CASE THEN IF HAPPY BACKUP AGAIN!


the first thing you should do is make sure the password field, and temporary password fields (in useroptions)  has at least 255 chars in structure you can edit this password field for this.


Next step...


Now open your functions.php file (included here) and edit the salt, (never change salt while in use).


now make sure you include the functions.php file on login, register / signup pages, and change password pages.



ok now to upgrade from md5 to sha512


Inside your register / signup page you need to comment out your old md5 and put this line in its place uncommented of course)


$p_hash = sha512($p);[/font][/color][/center]


inside your login page you will need to put this in place of the old md5 line (use search to find it)


$p = sha512($_POST['p']);

(i have made all vars now $p even in the test file so that it works and also added a for loop in functions 512 so that rounds can be introduced


now all that remains is the change password page needs the same editing (similar to register / signup pages)


i will assume you know now how to do this but any problems look for md5 in your change password file, and reset password file (normally something like forgot_password.php)



once found the line md5 in these old pages, you should comment out that line (md5)  after copying it into clipboard



and than change md5 to sha512.


last notes you may already have members in your system using md5 the best way from md5 to sha512 (without being able to un-encrypt the old md5 stored hash to then re encrypt to the sha512).[/font][/color][/center]

use the test page to generate new sha512 password(s) for your admins to be able to login.[/font][/color][/center]

The only way for your current members is to use a reset password page, hopefully you have one and have included the functions.php page and edited it to work with the sha512, this will enable current members to gain access via there email address with a link.[/font][/color][/center]

so before doing this it is good practice to send an email to all your current members letting them know if they should have any issues with logging in, they should click forgot password to create a new password for this upgrade.[/font][/color][/center]


OK THANKS FOR READING THE NOTES YOU MAY NOW SEE THE ACTUAL FILES THAT WILL HELP YOU. FILES ARE ATTACHED AND BY DOWNLOADING THIS FILE YOU AGREE THAT IT IS TO BE USED AT YOUR OWN RISK, AND ALSO THAT YOU HAVE READ ALL THE INSTRUCTIONS.[/font][/color][/center]


Link to this file can also be found on the following link:

https://app.box.com/s/2fjel1w7trwb26aukak8



New Updated functions


Code:
function hash512($p = NULL, $rounds = 2503
) {
    if (!isset($p)) throw new Exception('No password set!');

    $salt   = 'NIUGNIU45TNRTGIUGH9I56hy56hy56HUHVUHJ5NT54TJNIOIIIIFD98VGE4NENIU5456h5hth56h5$1^>%>W[=4U5*p|E';
    $pepper = '08[)^,&%^^771^=>&,E[XP::4})h*INIUGNIU45TNRTGIUGH9IGT45g566G67R45HB4378YHGT45^&&%^%^^%%^%$^6gh45';
    $dinner = $salt . $p . $pepper;

    for ($i = 0; $i < $rounds; $i++) {
        $dinner = hash('sha512', $dinner . $p);
    }
    return $dinner;
}

Attachments
UPGRADE_MD5_TO_SHA512.zip Files for this secuirty Upgrade from MD5 TO SHA512You don't have permission to download attachments.(12 Kb) Downloaded 0 times


Last edited by jamied_uk on 26th October 2013, 16:36; edited 1 time in total
avatar
jamied_uk
Admin

Posts : 2155
Join date : 2010-05-09
Age : 34
Location : UK

http://address-shortner.co.uk

Back to top Go down

Re: UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS

Post by jamied_uk on 5th August 2013, 21:28

For a box.com link to this upgrade you can visit https://app.box.com/s/bqphxs9siqwgb6va3bye
avatar
jamied_uk
Admin

Posts : 2155
Join date : 2010-05-09
Age : 34
Location : UK

http://address-shortner.co.uk

Back to top Go down

Re: UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS

Post by jamied_uk on 10th August 2013, 19:09

if you get any errors make sure the function names in functions.php are named correctly, for example if its named sha512 rename to hash512.


also if you have any other errors comment out hash 1024 functions in functions.php file as this is experimental and may not work online but will not give errors on a localhost server.
avatar
jamied_uk
Admin

Posts : 2155
Join date : 2010-05-09
Age : 34
Location : UK

http://address-shortner.co.uk

Back to top Go down

Re: UPGRADING FROM MD5 TO SHA512 WITH INSTRUCTIONS

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum