Support > cpg1.5 bridging
SMF 2.1 bridge
pols1337:
But if the life does stop crackling, there's always Aeva Media for Wedge or the new Levertine Gallery.
lurkalot:
--- Quote from: pols1337 on January 23, 2015, 02:24:57 am ---But if the life does stop crackling, there's always Aeva Media for Wedge or the new Levertine Gallery.
--- End quote ---
But that's nothing to do with Coppermine. Actually I already use Levertine Gallery. ;)
In fact the author of Levgal was my reliable source mentioned above. He should know what he's talking about, as he coded most of SMF 2.1 in the first place. ;)
keithsnell1:
--- Quote from: lurkalot on January 18, 2015, 06:57:35 pm ---I'm also going to need this, but I'm told by a reliable source, it's not going to be a easy task by any means.
--- End quote ---
Any update on developing a bridge for SMF 2.1? I'm in the process of updating a large website to SMF 2.0. The site is currently bridged with Coppermine. I don't want to continue down a path that is in imminent danger of breaking. If Coppermine's bridge to SMF will break with SMF 2.1, then I'd rather know that now so I can spend my time implementing another solution.
So...does anyone know if work is being done on a bridge with SMF 2.1?
Thanks,
Keith
lurkalot:
--- Quote from: keithsnell1 on November 19, 2015, 05:44:23 pm ---Any update on developing a bridge for SMF 2.1? I'm in the process of updating a large website to SMF 2.0. The site is currently bridged with Coppermine. I don't want to continue down a path that is in imminent danger of breaking. If Coppermine's bridge to SMF will break with SMF 2.1, then I'd rather know that now so I can spend my time implementing another solution.
So...does anyone know if work is being done on a bridge with SMF 2.1?
Thanks,
Keith
--- End quote ---
Arantor who wrote most of SMF 2.1 was going to help me with this, but unfortunately (for us) he got himself new employment which is taking up most of his time. Not sure it'll be an easy task (or possible) especially if Coppermine does the password hashing inside the SQL - that won't work in 2.1 because of the new password method which must be done PHP-side.
I also need this bridge. We already adapted a version of Tinyportal 2 for SMF 2.1 beta 2. http://cctestsite.info/testsite3/ So when SMF 2.1 goes gold I'll want to switch asap.
gmc:
OK... let's hash this out... (pun intended...)
What SMF did appears to be this:
--- Code: --- Use bcrypt for passwords and SHA-512 for cookies
Shift from sha256(sha1(lower(username) . password)) to password_hash(sha1(lower(username) . password), PASSWORD_BCRYPT) which is a PHP 5.5 implementation of a costly bcrypt based algorithm (added a back porting library as well which makes it compatible till minimum of PHP 5.3.7). This is much slower and more secure than a simple one pass sha256.
Also, the cookies are shifted from sha256(password . salt) to sha512(password . salt) to give them that extra spice of security.
--- End code ---
Reference from: https://github.com/Dragooon/SMF2.1/commit/6c5c3b11bab0037d0e1a846912cc0b51c0772b1f
Please correct me if I'm wrong - but I don't think we really care about the password logic change - as we route any login/logout requests directly to SMF... The bridge code in smf20.inc.php does contain a password algorithm specified for 'name of the password field' - but not clear where we would ever use it...
The function "udb_hash_db($password)" is marked 'unused'...
I wouldn't expect the login function from udb_base.inc.php to even be used.
So is the issue the change from sha256 to sha512 for the cookies?
There is a session_extraction() function - but this doesn't even reference sha256 today...
I'd need to dig deeper here - unless someone can point me in right direction.
If I can better understand the issue - certainly willing to help..
(I don't have a 2.1 forum to play with yet - but I can fix that shortly...)
Greg
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version