- Joined
- Sep 12, 2013
- Messages
- 147
- Reaction score
- 67
Hi,
Today I release my version of bcrypt in RevCMS. It's just an add-on, and yeah it has been released somewhere else. It's just not out in the open and the threads that do have it are a bit confusing I guess. I don't honestly recommend bcrypt for retros that know how to defend their DB, I think it only works with retros that have a reputation of weak websites. Like injection etc.
Go to app/class.core.php and find this line:
and change it to:
Step 2, go to class.users.php and find something similar to:
then change it to:
Today I release my version of bcrypt in RevCMS. It's just an add-on, and yeah it has been released somewhere else. It's just not out in the open and the threads that do have it are a bit confusing I guess. I don't honestly recommend bcrypt for retros that know how to defend their DB, I think it only works with retros that have a reputation of weak websites. Like injection etc.
Go to app/class.core.php and find this line:
PHP:
final public function hashed($password)
{
return md5($password);
}
PHP:
final public function hashed($password)
{
return password_hash($password, PASSWORD_BCRYPT);
}
Step 2, go to class.users.php and find something similar to:
PHP:
final public function userValidation($username, $password) { global $engine; if($engine->num_rows("SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . $password . "' LIMIT 1") > 0) { return true; } return false; }
PHP:
final public function userValidation($username, $password) { global $engine; if($engine->num_rows("SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . $password . "' LIMIT 1") > 0) return password_verify($password); }
Last edited: