Support > cpg1.5 bridging

SMF 2.1 bridge

<< < (6/8) > >>

keithsnell1:

--- Quote from: gmc on November 20, 2015, 01:08:25 am ---I have my testbed now... SMF 2.1 Beta 2 and CPG 1.5.40.
And can certainly confirm bridging doesn't work... lol...
Never end up logged in to CPG.

--- End quote ---

Progress!  :)

Thanks again for looking into this.

Keith

gmc:
I looked at your link earlier lurkalot... That was where I got the quote from their commit.

I'm trying to figure why the password encryption change would break it - as we defer login/logout to the forum when bridged... As I understand it (and why I'm asking for suggestions) - is our login process is bypassed - and we use the session info to confirm login.
They changed cookies to sha512 at same time - but not seeing where we referenced sha256 either.

I'll read through the code as I can (my day job been hectic) - and piece together what we do unless someone else has some insight.

SMF indicates at least one more beta coming before it goes live... Of course means they can change things again too.

lurkalot:

--- Quote from: gmc on November 20, 2015, 01:34:39 am ---
SMF indicates at least one more beta coming before it goes live... Of course means they can change things again too.

--- End quote ---

That's the reason I've had trouble getting help with this problem from the SMF team.  They always advise to hold off on building mods and themes until nearer release.   There's been quite a few changes between betas so far. If I find out anything of use I'll pass it on to you straight away.

dpaulat:
I've created an SMF bridge for 2.1.x for cpg1.6.x at the following link:
https://github.com/coppermine-gallery/cpg1.6.x/pull/17

I don't have a 1.5.x instance to test with, but the changes were relatively minor from the 2.0.x bridge.  As follows are differences between smf20.inc.php and smf21.inc.php:


--- Code: ---21,22c21,22
<         'full_name' => 'Simple Machines (SMF) 2.0.x',
<         'short_name' => 'smf20',
---
>         'full_name' => 'Simple Machines (SMF) 2.1.x',
>         'short_name' => 'smf21',
86c86
<                 'password' => 'SHA1(CONCAT(passwd, password_salt))', // name of the password field in the users table
---
>                 'password' => 'SHA2(CONCAT(passwd, password_salt), 512)', // name of the password field in the users table
122c122
<                 $data = unserialize($superCage->cookie->getRaw($this->cookie_name));
---
>                 $data = json_decode($superCage->cookie->getRaw($this->cookie_name));
124c124
<                 if (is_numeric($data[0]) && preg_match('/^[A-F0-9]{40}$/i', $data[1])) {
---
>                 if (is_numeric($data[0]) && preg_match('/^[A-F0-9]{128}$/i', $data[1])) {

--- End code ---

The important part is the change from a 160-bit hash to 512-bit, as well as the cookie format.  The bcrypt implementation doesn't matter, as what both compares have already been run through bcrypt.  This works with the latest beta version on the release-2.1 branch.

phill104:
Many thanks for your excellent contributions

Navigation

[0] Message Index

[#] Next page

[*] Previous page