Vinnie stop being an ass !
U-232 might be using md5 but it is using with a salt key every time.
when its the last time you heard about sites using this and gettin' hacked?
jesus christ..just read/think before you post. :coffee:

Well sure it might uses md5 hashing methods but at least they made it open source,and they don't talk shit for other sources like you,which you develop an source but you have it closed to the public.

I created an updated make_passhash_login_key function 3-4 years ago think it was, used a random MYCRYPT salt and password_hash(PASSWORD_BYCRYPT, just never implemented it.
Will update it when we release next major update in coming months. Its priority is low, unique salted md5 is no pushover if that's what you actually think.

lol I figured the butt hurt flaming would come..........no disrespect was meant. Glad its on your list big. Not saying its a downfall but if making u232 php7 ready, mysql5.7 ready with strict mode support I would think would take use of the bcrypt is all.

Bump: really? where did I talk shit?

I understand where your coming from vinnie, no problem at all. I've had a lot going on real life but I'm finally getting my head back into code. You can be assured it will be addressed soon, codes been on the test server for ages.

LogIn problems
 

@Bigjoos why I have this problem on login to U-232....

my password and username is correct 100%, an I register a new name too, but it's same problem

https://image.prntscr.com/image/PSFd...Va2IMoityQ.png

did you tried recover to see if you can login with the password generated by the system ?

Well we updated the password hashing on test site a while ago but stopped short of full completion because password_hash is not backward compatible with php 5.4 <, so that creates issues for long term users that have servers set up already that don't want the hassle of updating something that's not broken as such. resetpw.php will update you fine but you would to have sent a hint and answer on usercp.

If anyone needs me to reset password just post here or fire me a pm here or on my forum.

Next release has different methods being developed on the test server but to be honest I know how tight the current u-232 login cookie system is, every hash generated is unique and requires more than crunching through millions of iterations, anyhoo that's irrelevant ha ha. Next release has a lot being changed or updated daily on the test server which will inadvertently cause signup/login problems until its all completed, we want to be sure the method we use is backward compatible and also stronger than current system.

Here is a class that does exactly that and is fully backwards compatible.

https://github.com/psecio/gatekeeper

I am not suggesting that you use it, just offering a link of how it might be done.

Interesting will check it out, thanks for posting it, might be exactly what I need !!