Bravo List
Register
Go Back   > Bravo List > Source Code > Trackers > Project U-232
View Poll Results: NEW tracker source: Project U-232
I will give it a try 416 76.61%
No, i`m using another source 70 12.89%
XAM is my hero, i`m sticking to Template Shares 57 10.50%
Voters: 543. You may not vote on this poll

Reply
  #421  
Old 01-12-17, 07:49
DND's Avatar
DND DND is offline
Support
 
Join Date: Dec 2008
Posts: 1,049
Default
Vinnie stop being an ass !
U-232 might be using md5 but it is using with a salt key every time.
when its the last time you heard about sites using this and gettin' hacked?
jesus christ..just read/think before you post.
__________________
Need HELP!? I can install:

  1. Server/VPS (Debian,CentOS,Ubuntu,Fedora, FreeBSD) Optimization and ... + Modules
  2. Webserver Windows/Linux (Apache/Lighttpd/Nginx/Mysql/PhpMyAdmin/SSL) Optimization and ... + Modules
  3. Seedbox Windows/Linux (uTorrent,rTorrent,libTorrent,ruTorrent) + Modules
  4. TBDev Support
  5. Gazelle Support Install
  6. TSSE Install Support
Reply With Quote
  #422  
Old 01-12-17, 08:50
Ladbexy's Avatar
Ladbexy Ladbexy is offline
Senior Member
 
Join Date: Oct 2010
P2P
Posts: 20
Default
Quote:
Originally Posted by Vinnie981 View Post
U232 uses a outdated password hashing method. https://github.com/Bigjoos/U-232-V5/..._functions.php

Being on V5 already I am suggesting that this be a priority issue and that U232 goes with the standard PHP bcrypt method.
Well sure it might uses md5 hashing methods but at least they made it open source,and they don't talk shit for other sources like you,which you develop an source but you have it closed to the public.
Reply With Quote
  #423  
Old 01-12-17, 16:21
Bigjoos's Avatar
Bigjoos Bigjoos is offline
U-232 Dev
 
Join Date: May 2008
United Kingdom
Posts: 244
Default
I created an updated make_passhash_login_key function 3-4 years ago think it was, used a random MYCRYPT salt and password_hash(PASSWORD_BYCRYPT, just never implemented it.
Will update it when we release next major update in coming months. Its priority is low, unique salted md5 is no pushover if that's what you actually think.
Reply With Quote
  #424  
Old 01-12-17, 20:10
HDVinnie's Avatar
HDVinnie HDVinnie is offline
BluCrew
 
Join Date: Dec 2014
P2P
Posts: 99
Default
lol I figured the butt hurt flaming would come..........no disrespect was meant. Glad its on your list big. Not saying its a downfall but if making u232 php7 ready, mysql5.7 ready with strict mode support I would think would take use of the bcrypt is all.

Bump:
Quote:
Originally Posted by Ladbexy View Post
Well sure it might uses md5 hashing methods but at least they made it open source,and they don't talk shit for other sources like you,which you develop an source but you have it closed to the public.
really? where did I talk shit?
Reply With Quote
  #425  
Old 01-12-17, 21:46
Bigjoos's Avatar
Bigjoos Bigjoos is offline
U-232 Dev
 
Join Date: May 2008
United Kingdom
Posts: 244
Default
I understand where your coming from vinnie, no problem at all. I've had a lot going on real life but I'm finally getting my head back into code. You can be assured it will be addressed soon, codes been on the test server for ages.

Last edited by Bigjoos; 05-12-17 at 21:18.
Reply With Quote
  #426  
Old 31-01-18, 15:55
Botanicar's Avatar
Botanicar Botanicar is online now
Senior Member
 
Join Date: Jun 2013
Croatia
Posts: 86
Default LogIn problems
@Bigjoos why I have this problem on login to U-232....

my password and username is correct 100%, an I register a new name too, but it's same problem

Click the image to open in full size.
Reply With Quote
  #427  
Old 31-01-18, 20:59
DND's Avatar
DND DND is offline
Support
 
Join Date: Dec 2008
Posts: 1,049
Default
did you tried recover to see if you can login with the password generated by the system ?
__________________
Need HELP!? I can install:

  1. Server/VPS (Debian,CentOS,Ubuntu,Fedora, FreeBSD) Optimization and ... + Modules
  2. Webserver Windows/Linux (Apache/Lighttpd/Nginx/Mysql/PhpMyAdmin/SSL) Optimization and ... + Modules
  3. Seedbox Windows/Linux (uTorrent,rTorrent,libTorrent,ruTorrent) + Modules
  4. TBDev Support
  5. Gazelle Support Install
  6. TSSE Install Support
Reply With Quote
  #428  
Old 31-01-18, 21:47
Bigjoos's Avatar
Bigjoos Bigjoos is offline
U-232 Dev
 
Join Date: May 2008
United Kingdom
Posts: 244
Default
Quote:
Originally Posted by Botanicar View Post
@Bigjoos why I have this problem on login to U-232....
Well we updated the password hashing on test site a while ago but stopped short of full completion because password_hash is not backward compatible with php 5.4 <, so that creates issues for long term users that have servers set up already that don't want the hassle of updating something that's not broken as such. resetpw.php will update you fine but you would to have sent a hint and answer on usercp.

If anyone needs me to reset password just post here or fire me a pm here or on my forum.

Next release has different methods being developed on the test server but to be honest I know how tight the current u-232 login cookie system is, every hash generated is unique and requires more than crunching through millions of iterations, anyhoo that's irrelevant ha ha. Next release has a lot being changed or updated daily on the test server which will inadvertently cause signup/login problems until its all completed, we want to be sure the method we use is backward compatible and also stronger than current system.

Last edited by Bigjoos; 31-01-18 at 22:14.
Reply With Quote
  #429  
Old 31-01-18, 22:29
darkalchemy's Avatar
darkalchemy darkalchemy is offline
VIP
 
Join Date: Dec 2017
United States
Posts: 52
Default
Quote:
Originally Posted by Bigjoos View Post
Well we updated the password hashing on test site a while ago but stopped short of full completion because password_hash is not backward compatible with php 5.4 <, so that creates issues for long term users that have servers set up already that don't want the hassle of updating something that's not broken as such. resetpw.php will update you fine but you would to have sent a hint and answer on usercp.

If anyone needs me to reset password just post here or fire me a pm here or on my forum.

Next release has different methods being developed on the test server but to be honest I know how tight the current u-232 login cookie system is, every hash generated is unique and requires more than crunching through millions of iterations, anyhoo that's irrelevant ha ha. Next release has a lot being changed or updated daily on the test server which will inadvertently cause signup/login problems until its all completed, we want to be sure the method we use is backward compatible and also stronger than current system.
Here is a class that does exactly that and is fully backwards compatible.

https://github.com/psecio/gatekeeper

I am not suggesting that you use it, just offering a link of how it might be done.
__________________
I do custom coding, source installs, mods, server setup and/or config, etc. Feel free to pitch me your needs and your offer.

Last edited by darkalchemy; 31-01-18 at 22:46.
Reply With Quote
  #430  
Old 01-02-18, 00:08
Bigjoos's Avatar
Bigjoos Bigjoos is offline
U-232 Dev
 
Join Date: May 2008
United Kingdom
Posts: 244
Thumbs up
Interesting will check it out, thanks for posting it, might be exactly what I need !!
Reply With Quote
Reply

Tags
project , project u232 , torrents tracker , u232

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 18:10. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2018, vBulletin Solutions Inc.