Armathentication

For all the help you need with Armagetron!
User avatar
LOVER$BOY
Match Winner
Posts: 731
Joined: Thu Jan 24, 2008 12:46 pm

Re: Armathentication

Post by LOVER$BOY »

Del, the "hash_col" column is the issue for now. Your using "user_password" which is the wrong column to check passwords. PHPBB uses that to store user passwords and they use a variety of complex stuff to store the passwords. They are not md5 hashed passwords which is what the server script is looking for.

I would advice you to create a new column and name it "md5_hash" for clear indication. Then I would also advice you to edit your PHPBB so md5() hashed passwords will be registered along with your "user_password" column. It's how it works for my forums.vertrex.8ing.com.
arma_auth_col.png
(5.43 KiB) Not downloaded yet
As for how to do it... here:
Step 1: open {phpbb_root}/includes/ucp/ucp_register.php
Step 2: Go to line 286 or find "$user_row = array(
Step 3: Add

Code: Select all

'md5_hash'			=> md5($data['new_password']),
after

Code: Select all

'user_password'			=> phpbb_hash($data['new_password']),
Step 4: Save and your done!

Also another thing to do to ensure it works properly:
Step 1: open {phpbb_root}/includes/ucp/ucp_profile.php
Step 2: Go to line 109 or find "$sql_ary = array("
Step 3: Add

Code: Select all

'md5_hash'       	=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? md5($data['new_password']) : $user->data['md5_hash'],
after

Code: Select all

'user_password'		=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? phpbb_hash($data['new_password']) : $user->data['user_password'],
Last edited by LOVER$BOY on Sun Nov 17, 2013 5:47 am, edited 1 time in total.
Image
User avatar
fman23
On Lightcycle Grid
Posts: 36
Joined: Thu Sep 08, 2011 1:54 am
Location: Yes
Contact:

Re: Armathentication

Post by fman23 »

Sorry I forgot to tell you, your problem now is that the passwords are stored in the old phpbb_hash format. You need to change all of the passwords in the database to their md5 equivalents. The easiest way to do this is to have everyone who is registered use the "I forgot my password feature" and have them reset it.

About adding more groups, do that using the phpBB administration interface. You will also need to update their names in config.php as you add them.
User avatar
delinquent
Match Winner
Posts: 760
Joined: Sat Jul 07, 2012 3:07 am

Re: Armathentication

Post by delinquent »

After attempting to change the password:

Code: Select all

SQL ERROR [ mysqli ]

Unknown column 'md5_hash' in 'field list' [1054]

SQL

UPDATE phpbb_users SET username = 'delinquent', username_clean = 'delinquent', user_email = '[REDACTED]', user_email_hash = '365668311134', user_password = '9abc59749234fe8044cd90045ffa7b56', md5_hash = '9abc59749234fe8044cd90045ffa7b56', user_passchg = 1384686657 WHERE user_id = 2

BACKTRACE

FILE: (not given by php)
LINE: (not given by php)
CALL: msg_handler()

FILE: [ROOT]/includes/db/dbal.php
LINE: 757
CALL: trigger_error()

FILE: [ROOT]/includes/db/mysqli.php
LINE: 189
CALL: dbal->sql_error()

FILE: [ROOT]/includes/ucp/ucp_profile.php
LINE: 211
CALL: dbal_mysqli->sql_query()

FILE: [ROOT]/includes/functions_module.php
LINE: 507
CALL: ucp_profile->main()

FILE: [ROOT]/ucp.php
LINE: 327
CALL: p_master->load_active()
This is after adding the alterations loverboy suggested. Without these alterations, the same armagetron error occurs.

There is the option of manually creating the md5_hash table, as I am assuming that SQL hasn't created/can't see the table.

Assuming I were to create the table "phpbb_md5_hash", how many fields would it have? And am I to create it at the root of the database?
User avatar
delinquent
Match Winner
Posts: 760
Joined: Sat Jul 07, 2012 3:07 am

Re: Armathentication

Post by delinquent »

Hold up

How come the sql table doesn't know about the line "md5_hash" yet knows that there is an md5 of my password?

sic:

Code: Select all

md5_hash = '9abc59749234fe8044cd90045ffa7b56', 
when:

Code: Select all

Unknown column 'md5_hash' in 'field list' [1054]
User avatar
fman23
On Lightcycle Grid
Posts: 36
Joined: Thu Sep 08, 2011 1:54 am
Location: Yes
Contact:

Re: Armathentication

Post by fman23 »

The md5_hash is not a table but a column, but if you did what I said, it is unnecessary. It is what is causing that error because when you added the code Lover$Boy said, it tried to access a column you haven't created yet. The way Lover$Boy said is a different method and you can follow that one as well, but your forum should work the way I told you if you remove the md5_hash code. If you do want to follow the way Lover$Boy said, remove my modifications and create the md5_hash column in the phpbb_users table.

Either way, you will still need everyone to use the "I Forgot My Password" feature to update the hashes in the tables.
User avatar
delinquent
Match Winner
Posts: 760
Joined: Sat Jul 07, 2012 3:07 am

Re: Armathentication

Post by delinquent »

Finally feckin works. Thankyou both.

I hate php.
User avatar
LOVER$BOY
Match Winner
Posts: 731
Joined: Thu Jan 24, 2008 12:46 pm

Re: Armathentication

Post by LOVER$BOY »

Well done! After a hard day's work it finally works for you! ;)

Either way works but I wouldn't advice editing the source code of the forums that easily. Sometimes it can lead to bugs and errors if done incorrectly. Instead of taking a chance and risk in doing that way, my method is a simpler for people who aren't "that" into php or that likes :P

In any event, I'm glad your logins are working ;)
Image
Post Reply