Tue 5th May '09 10:49am
|
|
|
|
ImpEx password salt issue
Imported user's password doesn't work if the last
character of the randomized password salt is a space.
In ImpEx the salt is generared like this:
function fetch_user_salt($length = 3)
{
$salt = '';
for ($i = 0; $i < $length; $i++)
{
$salt .= chr(rand(32, 126));
}
return $salt;
}
The first charcode to use in randomization should be 33,
not 32 (=space) because the trailing space in salt is truncated
when inserting the value to MySQL (Salt's column type is CHAR).
The MD5 sum of the password is generated using the original - not truncated - salt.
The problem seems to be fixed in vBulletin but not in ImpEx. |
Please Wait