Hi,
Out of the box, publish_xp.php does not work when Gallery is embedded within Geeklog.
I've done some detective work and have got it working with a minor tweak to classes/geeklog/User.php.
Simply add the following function at the end of User.php to override the default:
function isCorrectPassword($password_hash) {
# Get the user's password hash from Geeklog
$gl_passwd = COM_getpassword($this->username);
return (!strcmp($gl_passwd, $password_hash));
}
Now, whilst this works, there is an alternative approach.
The default isCorrectPassword function is as follows:
function isCorrectPassword($password) {
$hash = '';
if(strlen($this->password) == 32) { // old password schema
$hash = md5($password);
}
else {
$salt = substr($this->password,0, 4);
$hash = $salt.md5($salt.$password);
}
return (!strcmp($this->password, $hash));
}
This fails with geeklog because neither the loadByUid or loadByUserName functions in classes/geeklog/User.php read the password from the database and set it in user object.
This could be corrected by adding an additional line in each of these functions as follows:
$this->password = $userInfo['password'];
This would also mean adding the "password" field to the SQL query.
Is there any reason why this approach wouldn't work? Does it cause any security issues?
Cheers,
R.