Using publish_xp.php when Gallery is embedded in Geeklog

robinbowes

Joined: 2002-09-20
Posts: 99
Posted: Tue, 2004-04-27 22:08

Hi,

Out of the box, publish_xp.php does not work when Gallery is embedded within Geeklog.

I've done some detective work and have got it working with a minor tweak to classes/geeklog/User.php.

Simply add the following function at the end of User.php to override the default:

function isCorrectPassword($password_hash) {
    # Get the user's password hash from Geeklog
    $gl_passwd = COM_getpassword($this->username);
    return (!strcmp($gl_passwd, $password_hash));
}

Now, whilst this works, there is an alternative approach.

The default isCorrectPassword function is as follows:

function isCorrectPassword($password) {
   $hash = '';
   if(strlen($this->password) == 32) { // old password schema
      $hash =  md5($password);
   }
   else {
      $salt = substr($this->password,0, 4);
      $hash = $salt.md5($salt.$password);
   }
   return (!strcmp($this->password, $hash));
}

This fails with geeklog because neither the loadByUid or loadByUserName functions in classes/geeklog/User.php read the password from the database and set it in user object.

This could be corrected by adding an additional line in each of these functions as follows:

$this->password = $userInfo['password'];

This would also mean adding the "password" field to the SQL query.

Is there any reason why this approach wouldn't work? Does it cause any security issues?

Cheers,

R.