Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: 1 [2]   Go Down

Author Topic: SMF 2.1 bridge  (Read 52941 times)

0 Members and 1 Guest are viewing this topic.

lurkalot

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 947
  • +Tinyportal Support team.
Re: SMF 2.1 bridge
« Reply #20 on: November 19, 2015, 09:56:57 pm »

Thanks for looking into this Greg. 

Might pay to look at the current official SMF 2.1 repo https://github.com/SimpleMachines/SMF2.1

Things change here almost daily.
Logged
Running SMF 2.1.4  / Tinyportal 3.0.0, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

keithsnell1

  • Coppermine newbie
  • Offline Offline
  • Posts: 14
Re: Re: Re: Re: SMF 2.1 bridge
« Reply #21 on: November 19, 2015, 09:57:19 pm »

I also need this bridge.  We already adapted a version of Tinyportal 2 for SMF 2.1 beta 2. http://cctestsite.info/testsite3/  So when SMF 2.1 goes gold I'll want to switch asap.

That's good to know.  :)

Also good to know that you have adapted Tinyportal to work with SMF 2.1.  I'm using Tinyportal as well, so it's good to know it will continue to work with SMF 2.1.

Thank you for responding.  I'll continue with my upgrades for now, but it sure would be nice to know that I'm not working towards a dead end.
Logged

keithsnell1

  • Coppermine newbie
  • Offline Offline
  • Posts: 14
Re: Re: SMF 2.1 bridge
« Reply #22 on: November 19, 2015, 10:04:00 pm »

If I can better understand the issue - certainly willing to help..
(I don't have a 2.1 forum to play with yet - but I can fix that shortly...)

Greg

Thank you Greg.  I have way too many images in my galleries to try to make a clean break from Coppermine. 

I wish I could help with the coding but you guys are WAY over my head.

Thanks for looking into this.

Keith
Logged

gmc

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 785
    • GMC Design Photo Gallery
Re: SMF 2.1 bridge
« Reply #23 on: November 20, 2015, 01:08:25 am »

I have my testbed now... SMF 2.1 Beta 2 and CPG 1.5.40.
And can certainly confirm bridging doesn't work... lol...
Never end up logged in to CPG.

I need to dig deeper into where the problem really is...
Welcome for pointers/suggestions from those that have coded more in the bridging area... It's not one that I've worked on before - but willing to dig in and learn.
Logged
Thanks!
Greg
My Coppermine Gallery
Need a web hosting account? See my gallery for an offer for CPG Forum users.
Send me money

lurkalot

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 947
  • +Tinyportal Support team.
Re: Re: SMF 2.1 bridge
« Reply #24 on: November 20, 2015, 01:24:44 am »

I have my testbed now... SMF 2.1 Beta 2 and CPG 1.5.40.
And can certainly confirm bridging doesn't work... lol...
Never end up logged in to CPG.


That's what I found.  Just in case you missed it http://forum.coppermine-gallery.net/index.php/topic,77951.msg376846.html#msg376846

I'm pretty sure it worked until they changed to BCrypt.  There's a link to that commit in that post I just linked to, and the post above it.
Logged
Running SMF 2.1.4  / Tinyportal 3.0.0, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

keithsnell1

  • Coppermine newbie
  • Offline Offline
  • Posts: 14
Re: Re: SMF 2.1 bridge
« Reply #25 on: November 20, 2015, 01:26:36 am »

I have my testbed now... SMF 2.1 Beta 2 and CPG 1.5.40.
And can certainly confirm bridging doesn't work... lol...
Never end up logged in to CPG.

Progress!  :)

Thanks again for looking into this.

Keith
Logged

gmc

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 785
    • GMC Design Photo Gallery
Re: SMF 2.1 bridge
« Reply #26 on: November 20, 2015, 01:34:39 am »

I looked at your link earlier lurkalot... That was where I got the quote from their commit.

I'm trying to figure why the password encryption change would break it - as we defer login/logout to the forum when bridged... As I understand it (and why I'm asking for suggestions) - is our login process is bypassed - and we use the session info to confirm login.
They changed cookies to sha512 at same time - but not seeing where we referenced sha256 either.

I'll read through the code as I can (my day job been hectic) - and piece together what we do unless someone else has some insight.

SMF indicates at least one more beta coming before it goes live... Of course means they can change things again too.
Logged
Thanks!
Greg
My Coppermine Gallery
Need a web hosting account? See my gallery for an offer for CPG Forum users.
Send me money

lurkalot

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 947
  • +Tinyportal Support team.
Re: Re: SMF 2.1 bridge
« Reply #27 on: November 20, 2015, 08:04:20 am »


SMF indicates at least one more beta coming before it goes live... Of course means they can change things again too.

That's the reason I've had trouble getting help with this problem from the SMF team.  They always advise to hold off on building mods and themes until nearer release.   There's been quite a few changes between betas so far. If I find out anything of use I'll pass it on to you straight away.
Logged
Running SMF 2.1.4  / Tinyportal 3.0.0, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

dpaulat

  • Contributor
  • Coppermine newbie
  • ***
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 4
Re: SMF 2.1 bridge
« Reply #28 on: January 01, 2018, 12:13:41 am »

I've created an SMF bridge for 2.1.x for cpg1.6.x at the following link:
https://github.com/coppermine-gallery/cpg1.6.x/pull/17

I don't have a 1.5.x instance to test with, but the changes were relatively minor from the 2.0.x bridge.  As follows are differences between smf20.inc.php and smf21.inc.php:

Code: [Select]
21,22c21,22
<         'full_name' => 'Simple Machines (SMF) 2.0.x',
<         'short_name' => 'smf20',
---
>         'full_name' => 'Simple Machines (SMF) 2.1.x',
>         'short_name' => 'smf21',
86c86
<                 'password' => 'SHA1(CONCAT(passwd, password_salt))', // name of the password field in the users table
---
>                 'password' => 'SHA2(CONCAT(passwd, password_salt), 512)', // name of the password field in the users table
122c122
<                 $data = unserialize($superCage->cookie->getRaw($this->cookie_name));
---
>                 $data = json_decode($superCage->cookie->getRaw($this->cookie_name));
124c124
<                 if (is_numeric($data[0]) && preg_match('/^[A-F0-9]{40}$/i', $data[1])) {
---
>                 if (is_numeric($data[0]) && preg_match('/^[A-F0-9]{128}$/i', $data[1])) {

The important part is the change from a 160-bit hash to 512-bit, as well as the cookie format.  The bcrypt implementation doesn't matter, as what both compares have already been run through bcrypt.  This works with the latest beta version on the release-2.1 branch.
Logged

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: SMF 2.1 bridge
« Reply #29 on: January 01, 2018, 02:52:56 am »

Many thanks for your excellent contributions
Logged
It is a mistake to think you can solve any major problems just with potatoes.

theqe2story

  • Coppermine novice
  • *
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 32
  • Rob Lightbody
    • The QE2 Story
Re: SMF 2.1 bridge
« Reply #30 on: December 29, 2019, 06:09:08 pm »

Hi there,

Deliberately replying to an old topic, as its hugely relevant!

SMF 2.0.16. was released a couple of days ago, and it changes how the Cookie works - which breaks the bridge (with my 1.5.48 anyway) - as I understand it, it now works the same with SMF 2.0.16 as it does in SMF 2.1.

The developers have posted this information about it :- https://www.simplemachines.org/community/index.php?topic=570989

Thanks for any assistance with this.

- Rob

lurkalot

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 947
  • +Tinyportal Support team.
Re: SMF 2.1 bridge
« Reply #31 on: December 29, 2019, 07:06:52 pm »

Hi there,

Deliberately replying to an old topic, as its hugely relevant!

SMF 2.0.16. was released a couple of days ago, and it changes how the Cookie works - which breaks the bridge (with my 1.5.48 anyway) - as I understand it, it now works the same with SMF 2.0.16 as it does in SMF 2.1.

The developers have posted this information about it :- https://www.simplemachines.org/community/index.php?topic=570989

Thanks for any assistance with this.

- Rob

Although the works much the same as SMF 2.1 the 2.1 bridge won't work for SMF 2.0 as far as I'm aware.  Just wanted to note this.  ;)

I didn't upgrade my main site running SMF 2.0.15 bridge with Coppermine because I hadn't tested it with 2.0.16 prior to release.  Wish I had now.   I did upgrade my test site which broke the bridge, and have now rolled it back to 2.0.15 until this is fixed. 

Also getting depreciated warnings on my bridge manager running in php 7.2
Logged
Running SMF 2.1.4  / Tinyportal 3.0.0, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

ron4mac

  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 2026
Re: SMF 2.1 bridge
« Reply #32 on: December 29, 2019, 09:21:35 pm »

Attached a quick fix for CPG 1.5.48 SMF20 bridge in another thread.
And attached here is the same fix for CPG 1.6.x
Backwards compatible with SMF2.0.x versions prior to 2.0.16
« Last Edit: December 29, 2019, 10:12:37 pm by ron4mac »
Logged

lurkalot

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 947
  • +Tinyportal Support team.
Re: SMF 2.1 bridge
« Reply #33 on: December 29, 2019, 10:59:58 pm »

Thanks Ron, I'll give it a test.  ;)
Logged
Running SMF 2.1.4  / Tinyportal 3.0.0, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

lurkalot

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 947
  • +Tinyportal Support team.
Re: SMF 2.1 bridge
« Reply #34 on: December 29, 2019, 11:52:07 pm »

Ron.  I'm not having any luck with this one, although I'm showing as bridged in the database the login isn't being shared at all.  Logged in on SMF but not in Coppermine unfortunately. I'm running Coppermine 1.6.06

Sorry, ignore that.  Works a treat.  Not sure what happened must have uploaded the wrong file or something.  Thank you Ron.   ;)
« Last Edit: December 30, 2019, 12:27:13 am by lurkalot »
Logged
Running SMF 2.1.4  / Tinyportal 3.0.0, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

GL700Wing

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
Re: SMF 2.1 bridge
« Reply #35 on: December 30, 2019, 01:36:47 am »

Attached a quick fix for CPG 1.5.48 SMF20 bridge in another thread.
And attached here is the same fix for CPG 1.6.x
Backwards compatible with SMF2.0.x versions prior to 2.0.16
Perfect - worked like a charm!  Thanks!!
Logged

rbradbury

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
Re: SMF 2.1 bridge
« Reply #36 on: December 30, 2019, 05:04:01 pm »

Attached a quick fix for CPG 1.5.48 SMF20 bridge in another thread.
And attached here is the same fix for CPG 1.6.x
Backwards compatible with SMF2.0.x versions prior to 2.0.16
Many thanks from me, too.  Works for my bridged setup (SMF 2.0.16)
Just in case you're scratching your head about how to update your gallery, I used the following steps which may or may not all be necessary...
1. Unbridge the forum and gallery (access bridge manager by appending /bridgemgr.php to the end of your gallery URL). Your login is your standalone Coppermine admin credentials
2. Rename the existing smf20.inc.php file to something like smf20.inc.php.old
3. Download, unzip and the upload the patch to your gallery/bridge folder
4. Log in as standalone Coppermine admin. Navigate to Config>bridge manager and run the bridging wizard. https://documentation.coppermine-gallery.net/en/bridging.htm
Logged

theqe2story

  • Coppermine novice
  • *
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 32
  • Rob Lightbody
    • The QE2 Story
Re: SMF 2.1 bridge
« Reply #37 on: January 10, 2020, 05:27:49 pm »

Just to let you know I just upgraded my Coppermine Gallery from 1.5.48 to 1.6.7 - bridge stopped working - this file fixed it.

Thank you so much for this.

1.6.7 working perfecting with SMF 2.0.17.
Pages: 1 [2]   Go Up
 

Page created in 0.068 seconds with 20 queries.