forum.coppermine-gallery.net

Support => cpg1.5.x Support => cpg1.5 bridging => Topic started by: skulls on December 19, 2014, 10:43:32 pm

Title: SMF 2.1 bridge
Post by: skulls on December 19, 2014, 10:43:32 pm
2.1 is now in beta release.  Sure it's early but what changes must be done to the bridge config to make it work?  2.1 is using bcrypt.   ;)
Title: Re: SMF 2.1 bridge
Post by: skulls on December 24, 2014, 06:40:10 am
Are there plans to create an updated bridge?  It would be preferable to still be able to use Coppermine, though the upgrade has higher priority along with any bridgable gallery.
Title: Re: SMF 2.1 bridge
Post by: Phill Luckhurst on December 24, 2014, 06:44:34 pm
It's not something that we have looked at yet but I am sure one of the team or someone in the community (hint intended) will look into updating the current bridge.
Title: Re: SMF 2.1 bridge
Post by: pols1337 on December 25, 2014, 01:20:21 am
Lots of nice things in SMF 2.1
Title: Re: Re: SMF 2.1 bridge
Post by: skulls on December 25, 2014, 04:27:02 am
It's not something that we have looked at yet but I am sure one of the team or someone in the community (hint intended) will look into updating the current bridge.

Awesome!  Thank Phill!


Lots of nice things in SMF 2.1

Indeed!  I'm running it on a small live site.  The users love it!  I have a large forum I'd like to upgrade when the bridge is patched.   8)
Title: Re: SMF 2.1 bridge
Post by: Αndré on December 26, 2014, 09:42:51 pm
Probably stupid question, but does the bridge needs to be updated at all? Have you already tested to use the existing bridge?
Title: Re: Re: SMF 2.1 bridge
Post by: skulls on December 26, 2014, 10:45:43 pm
Probably stupid question, but does the bridge needs to be updated at all? Have you already tested to use the existing bridge?

Sure have.  The bridge was working on 2.0.9, then no longer after the 2.1 upgrade.  This is on a small site.  I have larger sites to be upgraded soon.   ;)
Title: Re: SMF 2.1 bridge
Post by: lurkalot on December 26, 2014, 11:26:16 pm
I'm sure | tried it with 2.1 sometime back and it worked, haven't tried it with the new beta release yet though, but will as soon as I can get Xampp working again, doh.
Title: Re: SMF 2.1 bridge
Post by: skulls on December 27, 2014, 02:24:43 am
It hasn't been long since the bcrypt changeover.  May 28 to be precise.  If this helps anyone here is the merge:

https://github.com/SimpleMachines/SMF2.1/pull/1674

Title: Re: SMF 2.1 bridge
Post by: lurkalot on December 27, 2014, 10:55:36 am
It hasn't been long since the bcrypt changeover.  May 28 to be precise.  If this helps anyone here is the merge:

https://github.com/SimpleMachines/SMF2.1/pull/1674

aha, that explains why it no longer works then.  As of now the bridge works in as much as it will log you into SMF 2.1 from Coppermine, but doesn't log you into Coppermine
Title: Re: SMF 2.1 bridge
Post by: skulls on January 13, 2015, 09:51:08 pm
Any takers on this?   ;D
Title: Re: SMF 2.1 bridge
Post by: skulls on January 17, 2015, 05:32:01 am
Don't everyone jump at once.   ;D  This is the future of SMF if coppermine wishes to stay on board.  ;)
Title: Re: SMF 2.1 bridge
Post by: gmc on January 18, 2015, 05:12:55 pm
I am certainly interested in this - as I have a large site/gallery that uses the SMF/CPG bridge..
But remember we are all volunteers - and I know personally I can't jump on this right now...

Don't think we aren't interested - but SMF 2.1 is still 'Alpha' from what I see... This isn't a pressing issue for me just yet.

Greg
Title: Re: Re: SMF 2.1 bridge
Post by: lurkalot on January 18, 2015, 06:57:35 pm
I am certainly interested in this - as I have a large site/gallery that uses the SMF/CPG bridge..
But remember we are all volunteers - and I know personally I can't jump on this right now...

Don't think we aren't interested - but SMF 2.1 is still 'Alpha' from what I see... This isn't a pressing issue for me just yet.

Greg

I'm also going to need this, but I'm told by a reliable source,  it's not going to be a easy task by any means.
Title: Re: Re: SMF 2.1 bridge
Post by: skulls on January 19, 2015, 02:11:51 am

But remember we are all volunteers

but SMF 2.1 is still 'Alpha' from what I see.

Greg


Indeed.  Not to sound unappreciative, but at least there is life crackling here.    ;)
 

http://www.simplemachines.org/community/index.php?topic=530233.0

It's happening.   ;D


I'm also going to need this, but I'm told by a reliable source,  it's not going to be a easy task by any means.

Then we should get started!  lol

Title: Re: SMF 2.1 bridge
Post by: pols1337 on January 23, 2015, 02:24:57 am
But if the life does stop crackling, there's always Aeva Media for Wedge or the new Levertine Gallery. 
Title: Re: SMF 2.1 bridge
Post by: lurkalot on January 23, 2015, 07:11:06 pm
But if the life does stop crackling, there's always Aeva Media for Wedge or the new Levertine Gallery.

But that's nothing to do with Coppermine.  Actually I already use Levertine Gallery.  ;)

In fact the author of Levgal was my reliable source mentioned above.  He should know what he's talking about, as he coded most of SMF 2.1 in the first place. ;)
Title: Re: Re: Re: SMF 2.1 bridge
Post by: keithsnell1 on November 19, 2015, 05:44:23 pm
I'm also going to need this, but I'm told by a reliable source,  it's not going to be a easy task by any means.

Any update on developing a bridge for SMF 2.1?  I'm in the process of updating a large website to SMF 2.0.  The site is currently bridged with Coppermine.  I don't want to continue down a path that is in imminent danger of breaking.  If Coppermine's bridge to SMF will break with SMF 2.1, then I'd rather know that now so I can spend my time implementing another solution. 

So...does anyone know if work is being done on a bridge with SMF 2.1?

Thanks,
Keith
Title: Re: Re: Re: SMF 2.1 bridge
Post by: lurkalot on November 19, 2015, 07:43:53 pm
Any update on developing a bridge for SMF 2.1?  I'm in the process of updating a large website to SMF 2.0.  The site is currently bridged with Coppermine.  I don't want to continue down a path that is in imminent danger of breaking.  If Coppermine's bridge to SMF will break with SMF 2.1, then I'd rather know that now so I can spend my time implementing another solution. 

So...does anyone know if work is being done on a bridge with SMF 2.1?

Thanks,
Keith

Arantor who wrote most of SMF 2.1 was going to help me with this, but unfortunately (for us) he got himself new employment which is taking up most of his time.  Not sure it'll be an easy task (or possible) especially if Coppermine does the password hashing inside the SQL - that won't work in 2.1 because of the new password method which must be done PHP-side.

I also need this bridge.  We already adapted a version of Tinyportal 2 for SMF 2.1 beta 2. http://cctestsite.info/testsite3/  So when SMF 2.1 goes gold I'll want to switch asap.
Title: Re: SMF 2.1 bridge
Post by: gmc on November 19, 2015, 09:44:39 pm
OK... let's hash this out... (pun intended...)
What SMF did appears to be this:
Code: [Select]
Use bcrypt for passwords and SHA-512 for cookies
Shift from sha256(sha1(lower(username) . password)) to password_hash(sha1(lower(username) . password), PASSWORD_BCRYPT) which is a PHP 5.5 implementation of a costly bcrypt based algorithm (added a back porting library as well which makes it compatible till minimum of PHP 5.3.7). This is much slower and more secure than a simple one pass sha256.

Also, the cookies are shifted from sha256(password . salt) to sha512(password . salt) to give them that extra spice of security.
Reference from: https://github.com/Dragooon/SMF2.1/commit/6c5c3b11bab0037d0e1a846912cc0b51c0772b1f (https://github.com/Dragooon/SMF2.1/commit/6c5c3b11bab0037d0e1a846912cc0b51c0772b1f)

Please correct me if I'm wrong - but I don't think we really care about the password logic change - as we route any login/logout requests directly to SMF... The bridge code in smf20.inc.php does contain a password algorithm specified for 'name of the password field' - but not clear where we would ever use it...
The function "udb_hash_db($password)" is marked 'unused'...
I wouldn't expect the login function from udb_base.inc.php to even be used.

So is the issue the change from sha256 to sha512 for the cookies?
There is a session_extraction() function - but this doesn't even reference sha256 today...
I'd need to dig deeper here - unless someone can point me in right direction.

If I can better understand the issue - certainly willing to help..
(I don't have a 2.1 forum to play with yet - but I can fix that shortly...)

Greg
Title: Re: SMF 2.1 bridge
Post by: lurkalot on November 19, 2015, 09:56:57 pm
Thanks for looking into this Greg. 

Might pay to look at the current official SMF 2.1 repo https://github.com/SimpleMachines/SMF2.1

Things change here almost daily.
Title: Re: Re: Re: Re: SMF 2.1 bridge
Post by: keithsnell1 on November 19, 2015, 09:57:19 pm
I also need this bridge.  We already adapted a version of Tinyportal 2 for SMF 2.1 beta 2. http://cctestsite.info/testsite3/  So when SMF 2.1 goes gold I'll want to switch asap.

That's good to know.  :)

Also good to know that you have adapted Tinyportal to work with SMF 2.1.  I'm using Tinyportal as well, so it's good to know it will continue to work with SMF 2.1.

Thank you for responding.  I'll continue with my upgrades for now, but it sure would be nice to know that I'm not working towards a dead end.
Title: Re: Re: SMF 2.1 bridge
Post by: keithsnell1 on November 19, 2015, 10:04:00 pm
If I can better understand the issue - certainly willing to help..
(I don't have a 2.1 forum to play with yet - but I can fix that shortly...)

Greg

Thank you Greg.  I have way too many images in my galleries to try to make a clean break from Coppermine. 

I wish I could help with the coding but you guys are WAY over my head.

Thanks for looking into this.

Keith
Title: Re: SMF 2.1 bridge
Post by: gmc on November 20, 2015, 01:08:25 am
I have my testbed now... SMF 2.1 Beta 2 and CPG 1.5.40.
And can certainly confirm bridging doesn't work... lol...
Never end up logged in to CPG.

I need to dig deeper into where the problem really is...
Welcome for pointers/suggestions from those that have coded more in the bridging area... It's not one that I've worked on before - but willing to dig in and learn.
Title: Re: Re: SMF 2.1 bridge
Post by: lurkalot on November 20, 2015, 01:24:44 am
I have my testbed now... SMF 2.1 Beta 2 and CPG 1.5.40.
And can certainly confirm bridging doesn't work... lol...
Never end up logged in to CPG.


That's what I found.  Just in case you missed it http://forum.coppermine-gallery.net/index.php/topic,77951.msg376846.html#msg376846

I'm pretty sure it worked until they changed to BCrypt.  There's a link to that commit in that post I just linked to, and the post above it.
Title: Re: Re: SMF 2.1 bridge
Post by: keithsnell1 on November 20, 2015, 01:26:36 am
I have my testbed now... SMF 2.1 Beta 2 and CPG 1.5.40.
And can certainly confirm bridging doesn't work... lol...
Never end up logged in to CPG.

Progress!  :)

Thanks again for looking into this.

Keith
Title: Re: SMF 2.1 bridge
Post by: gmc on November 20, 2015, 01:34:39 am
I looked at your link earlier lurkalot... That was where I got the quote from their commit.

I'm trying to figure why the password encryption change would break it - as we defer login/logout to the forum when bridged... As I understand it (and why I'm asking for suggestions) - is our login process is bypassed - and we use the session info to confirm login.
They changed cookies to sha512 at same time - but not seeing where we referenced sha256 either.

I'll read through the code as I can (my day job been hectic) - and piece together what we do unless someone else has some insight.

SMF indicates at least one more beta coming before it goes live... Of course means they can change things again too.
Title: Re: Re: SMF 2.1 bridge
Post by: lurkalot on November 20, 2015, 08:04:20 am

SMF indicates at least one more beta coming before it goes live... Of course means they can change things again too.

That's the reason I've had trouble getting help with this problem from the SMF team.  They always advise to hold off on building mods and themes until nearer release.   There's been quite a few changes between betas so far. If I find out anything of use I'll pass it on to you straight away.
Title: Re: SMF 2.1 bridge
Post by: dpaulat on January 01, 2018, 12:13:41 am
I've created an SMF bridge for 2.1.x for cpg1.6.x at the following link:
https://github.com/coppermine-gallery/cpg1.6.x/pull/17

I don't have a 1.5.x instance to test with, but the changes were relatively minor from the 2.0.x bridge.  As follows are differences between smf20.inc.php and smf21.inc.php:

Code: [Select]
21,22c21,22
<         'full_name' => 'Simple Machines (SMF) 2.0.x',
<         'short_name' => 'smf20',
---
>         'full_name' => 'Simple Machines (SMF) 2.1.x',
>         'short_name' => 'smf21',
86c86
<                 'password' => 'SHA1(CONCAT(passwd, password_salt))', // name of the password field in the users table
---
>                 'password' => 'SHA2(CONCAT(passwd, password_salt), 512)', // name of the password field in the users table
122c122
<                 $data = unserialize($superCage->cookie->getRaw($this->cookie_name));
---
>                 $data = json_decode($superCage->cookie->getRaw($this->cookie_name));
124c124
<                 if (is_numeric($data[0]) && preg_match('/^[A-F0-9]{40}$/i', $data[1])) {
---
>                 if (is_numeric($data[0]) && preg_match('/^[A-F0-9]{128}$/i', $data[1])) {

The important part is the change from a 160-bit hash to 512-bit, as well as the cookie format.  The bcrypt implementation doesn't matter, as what both compares have already been run through bcrypt.  This works with the latest beta version on the release-2.1 branch.
Title: Re: SMF 2.1 bridge
Post by: Phill Luckhurst on January 01, 2018, 02:52:56 am
Many thanks for your excellent contributions
Title: Re: SMF 2.1 bridge
Post by: theqe2story on December 29, 2019, 06:09:08 pm
Hi there,

Deliberately replying to an old topic, as its hugely relevant!

SMF 2.0.16. was released a couple of days ago, and it changes how the Cookie works - which breaks the bridge (with my 1.5.48 anyway) - as I understand it, it now works the same with SMF 2.0.16 as it does in SMF 2.1.

The developers have posted this information about it :- https://www.simplemachines.org/community/index.php?topic=570989

Thanks for any assistance with this.

- Rob
Title: Re: SMF 2.1 bridge
Post by: lurkalot on December 29, 2019, 07:06:52 pm
Hi there,

Deliberately replying to an old topic, as its hugely relevant!

SMF 2.0.16. was released a couple of days ago, and it changes how the Cookie works - which breaks the bridge (with my 1.5.48 anyway) - as I understand it, it now works the same with SMF 2.0.16 as it does in SMF 2.1.

The developers have posted this information about it :- https://www.simplemachines.org/community/index.php?topic=570989

Thanks for any assistance with this.

- Rob

Although the works much the same as SMF 2.1 the 2.1 bridge won't work for SMF 2.0 as far as I'm aware.  Just wanted to note this.  ;)

I didn't upgrade my main site running SMF 2.0.15 bridge with Coppermine because I hadn't tested it with 2.0.16 prior to release.  Wish I had now.   I did upgrade my test site which broke the bridge, and have now rolled it back to 2.0.15 until this is fixed. 

Also getting depreciated warnings on my bridge manager running in php 7.2
Title: Re: SMF 2.1 bridge
Post by: ron4mac on December 29, 2019, 09:21:35 pm
Attached a quick fix for CPG 1.5.48 SMF20 bridge in another thread.
And attached here is the same fix for CPG 1.6.x
Backwards compatible with SMF2.0.x versions prior to 2.0.16
Title: Re: SMF 2.1 bridge
Post by: lurkalot on December 29, 2019, 10:59:58 pm
Thanks Ron, I'll give it a test.  ;)
Title: Re: SMF 2.1 bridge
Post by: lurkalot on December 29, 2019, 11:52:07 pm
Ron.  I'm not having any luck with this one, although I'm showing as bridged in the database the login isn't being shared at all.  Logged in on SMF but not in Coppermine unfortunately. I'm running Coppermine 1.6.06

Sorry, ignore that.  Works a treat.  Not sure what happened must have uploaded the wrong file or something.  Thank you Ron.   ;)
Title: Re: SMF 2.1 bridge
Post by: GL700Wing on December 30, 2019, 01:36:47 am
Attached a quick fix for CPG 1.5.48 SMF20 bridge in another thread.
And attached here is the same fix for CPG 1.6.x
Backwards compatible with SMF2.0.x versions prior to 2.0.16
Perfect - worked like a charm!  Thanks!!
Title: Re: SMF 2.1 bridge
Post by: rbradbury on December 30, 2019, 05:04:01 pm
Attached a quick fix for CPG 1.5.48 SMF20 bridge in another thread.
And attached here is the same fix for CPG 1.6.x
Backwards compatible with SMF2.0.x versions prior to 2.0.16
Many thanks from me, too.  Works for my bridged setup (SMF 2.0.16)
Just in case you're scratching your head about how to update your gallery, I used the following steps which may or may not all be necessary...
1. Unbridge the forum and gallery (access bridge manager by appending /bridgemgr.php to the end of your gallery URL). Your login is your standalone Coppermine admin credentials
2. Rename the existing smf20.inc.php file to something like smf20.inc.php.old
3. Download, unzip and the upload the patch to your gallery/bridge folder
4. Log in as standalone Coppermine admin. Navigate to Config>bridge manager and run the bridging wizard. https://documentation.coppermine-gallery.net/en/bridging.htm
Title: Re: SMF 2.1 bridge
Post by: theqe2story on January 10, 2020, 05:27:49 pm
Just to let you know I just upgraded my Coppermine Gallery from 1.5.48 to 1.6.7 - bridge stopped working - this file fixed it.

Thank you so much for this.

1.6.7 working perfecting with SMF 2.0.17.