Bravo List
Register
Go Back   > Bravo List > Source Code > Archived Trackers > Project U-232
View Poll Results: NEW tracker source: Project U-232
I will give it a try 440 77.33%
No, i`m using another source 72 12.65%
XAM is my hero, i`m sticking to Template Shares 57 10.02%
Voters: 569. You may not vote on this poll

Closed Thread
  #421  
Old 1st December 2017, 07:49
DND DND is offline
VIP
 
Join Date: Dec 2008
Posts: 1,241
Default
Vinnie stop being an ass !
U-232 might be using md5 but it is using with a salt key every time.
when its the last time you heard about sites using this and gettin' hacked?
jesus christ..just read/think before you post.
__________________
Need HELP!? I can install:

  1. Server/VPS (Debian,CentOS,Ubuntu,Fedora, FreeBSD) Optimization and ... + Modules
  2. Webserver Windows/Linux (Apache/Lighttpd/Nginx/Mysql/PhpMyAdmin/SSL) Optimization and ... + Modules
  3. Seedbox Windows/Linux (uTorrent,rTorrent,libTorrent,ruTorrent) + Modules
  4. Multiple source code engines
  5. Linux Server Administration (security, cryptography/encryption, proxy, load balancer, custom ddos firewall)
  #422  
Old 1st December 2017, 08:50
Ladbexy Ladbexy is offline
Senior Member
 
Join Date: Oct 2010
P2P
Posts: 24
Default
Quote:
Originally Posted by Vinnie981 View Post
U232 uses a outdated password hashing method. https://github.com/Bigjoos/U-232-V5/..._functions.php

Being on V5 already I am suggesting that this be a priority issue and that U232 goes with the standard PHP bcrypt method.
Well sure it might uses md5 hashing methods but at least they made it open source,and they don't talk shit for other sources like you,which you develop an source but you have it closed to the public.
  #423  
Old 1st December 2017, 16:21
Bigjoos's Avatar
Bigjoos Bigjoos is offline
U-232 Dev
 
Join Date: May 2008
United Kingdom
Posts: 244
Default
I created an updated make_passhash_login_key function 3-4 years ago think it was, used a random MYCRYPT salt and password_hash(PASSWORD_BYCRYPT, just never implemented it.
Will update it when we release next major update in coming months. Its priority is low, unique salted md5 is no pushover if that's what you actually think.
  #424  
Old 1st December 2017, 20:10
HDVinnie's Avatar
HDVinnie HDVinnie is offline
BluCrew
 
Join Date: Dec 2014
P2P
Posts: 140
Default
lol I figured the butt hurt flaming would come..........no disrespect was meant. Glad its on your list big. Not saying its a downfall but if making u232 php7 ready, mysql5.7 ready with strict mode support I would think would take use of the bcrypt is all.

Bump:
Quote:
Originally Posted by Ladbexy View Post
Well sure it might uses md5 hashing methods but at least they made it open source,and they don't talk shit for other sources like you,which you develop an source but you have it closed to the public.
really? where did I talk shit?
  #425  
Old 1st December 2017, 21:46
Bigjoos's Avatar
Bigjoos Bigjoos is offline
U-232 Dev
 
Join Date: May 2008
United Kingdom
Posts: 244
Default
I understand where your coming from vinnie, no problem at all. I've had a lot going on real life but I'm finally getting my head back into code. You can be assured it will be addressed soon, codes been on the test server for ages.

Last edited by Bigjoos; 5th December 2017 at 21:18.
  #426  
Old 31st January 2018, 15:55
Botanicar's Avatar
Botanicar Botanicar is offline
Senior Member
 
Join Date: Jun 2013
Croatia
Posts: 127
Default LogIn problems
@Bigjoos why I have this problem on login to U-232....

my password and username is correct 100%, an I register a new name too, but it's same problem

Click the image to open in full size.
  #427  
Old 31st January 2018, 20:59
DND DND is offline
VIP
 
Join Date: Dec 2008
Posts: 1,241
Default
did you tried recover to see if you can login with the password generated by the system ?
__________________
Need HELP!? I can install:

  1. Server/VPS (Debian,CentOS,Ubuntu,Fedora, FreeBSD) Optimization and ... + Modules
  2. Webserver Windows/Linux (Apache/Lighttpd/Nginx/Mysql/PhpMyAdmin/SSL) Optimization and ... + Modules
  3. Seedbox Windows/Linux (uTorrent,rTorrent,libTorrent,ruTorrent) + Modules
  4. Multiple source code engines
  5. Linux Server Administration (security, cryptography/encryption, proxy, load balancer, custom ddos firewall)
  #428  
Old 31st January 2018, 21:47
Bigjoos's Avatar
Bigjoos Bigjoos is offline
U-232 Dev
 
Join Date: May 2008
United Kingdom
Posts: 244
Default
Quote:
Originally Posted by Botanicar View Post
@Bigjoos why I have this problem on login to U-232....
Well we updated the password hashing on test site a while ago but stopped short of full completion because password_hash is not backward compatible with php 5.4 <, so that creates issues for long term users that have servers set up already that don't want the hassle of updating something that's not broken as such. resetpw.php will update you fine but you would to have sent a hint and answer on usercp.

If anyone needs me to reset password just post here or fire me a pm here or on my forum.

Next release has different methods being developed on the test server but to be honest I know how tight the current u-232 login cookie system is, every hash generated is unique and requires more than crunching through millions of iterations, anyhoo that's irrelevant ha ha. Next release has a lot being changed or updated daily on the test server which will inadvertently cause signup/login problems until its all completed, we want to be sure the method we use is backward compatible and also stronger than current system.

Last edited by Bigjoos; 31st January 2018 at 22:14.
  #429  
Old 31st January 2018, 22:29
darkalchemy darkalchemy is offline
Administrator
 
Join Date: Dec 2017
United States
Posts: 101
Default
Quote:
Originally Posted by Bigjoos View Post
Well we updated the password hashing on test site a while ago but stopped short of full completion because password_hash is not backward compatible with php 5.4 <, so that creates issues for long term users that have servers set up already that don't want the hassle of updating something that's not broken as such. resetpw.php will update you fine but you would to have sent a hint and answer on usercp.

If anyone needs me to reset password just post here or fire me a pm here or on my forum.

Next release has different methods being developed on the test server but to be honest I know how tight the current u-232 login cookie system is, every hash generated is unique and requires more than crunching through millions of iterations, anyhoo that's irrelevant ha ha. Next release has a lot being changed or updated daily on the test server which will inadvertently cause signup/login problems until its all completed, we want to be sure the method we use is backward compatible and also stronger than current system.
Here is a class that does exactly that and is fully backwards compatible.

https://github.com/psecio/gatekeeper

I am not suggesting that you use it, just offering a link of how it might be done.

Last edited by darkalchemy; 31st January 2018 at 22:46.
  #430  
Old 1st February 2018, 00:08
Bigjoos's Avatar
Bigjoos Bigjoos is offline
U-232 Dev
 
Join Date: May 2008
United Kingdom
Posts: 244
Thumbs up
Interesting will check it out, thanks for posting it, might be exactly what I need !!
Closed Thread

Tags
project , project u232 , torrents tracker , u232

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 00:05. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.