Dan,
I have continued to struggle with this. I have concluded that your
solution works fine, as long as you do not have $cryptkey="somestring" in
index.php.
I cannot now find where I got the direction to put that in my index.php.
But if I don't, then the initial passwords are held in plaintext in the
member.xxx files. This is unacceptable in today's internet where even
so-called democratic governments steal from us.
I am close to abandoning Boltwire because of the difficulty in
understanding these complexities.
TOF.
On Friday, 20 June 2014 14:36:03 UTC+1, Dan wrote:
>
> Ah, your right. My bad... I uploaded the revised plugin to the wrong
> location. I just fixed it now.
>
> Here's all the crypt file should contain:
>
> <?php if (!defined('BOLTWIRE')) exit();
> function BOLTXencrypt($value, $field) {
> global $cryptkey;
> return crypt($value, $cryptkey);
> }
>
> You could of course just add these lines to config.php, maybe saying
> something like:
>
> if ($pageLink == 'action.password') {
> function BOLTXencrypt($value, $field) {
> global $cryptkey;
> return crypt($value, $cryptkey);
> }
> }
>
> Create config.php and put in config folder with the first line above
> (starting with <?php) and then add any other php you want. If the file
> exists, BoltWire will automatically load it for every page.
>
> I find myself more and more just adding functions like this to my
> config.php so I don't have to worry about a bunch of individual
> plugins--and I can easily customize them.
>
> To tell whether a plugin is getting called put something like the
> following in the plugin and then reload your page. You'll know
> immediately.
>
> pp('Working!');
>
> Cheers,
> Dan
>
>
>
> On Fri, Jun 20, 2014 at 3:58 AM, TheOldFellow <[email protected]
> <javascript:>> wrote:
>
>> The 'crypt.php' downloaded a few seconds ago is identical to the one I
>> downloaded three days ago. If you have changed it, this is undetectable.
>> Changing the enableCrypt from the old (caveman) version to yours has not
>> altered anything.
>> I am still getting plaintext when I expect cyphertext in the warning:
>>
>>
>> Current password th3G.EMsw.ZeI=bean109 is not correct. Try again!
>>
>> This is coming from the line:
>>
>>
>> [command if_1 "! equal {~password} {=crypt_1} ? warn='Current password
>> {~password}={=crypt_1} is not correct. Try again!'"]
>>
>> so the value of {=crypt_1} is still the plaintext passed to:
>>
>> [command crypt_1 {=passnow}]
>>
>> in the line above. ( see your revised Password Changer).
>>
>> I suspect that I am NOT getting the latest crypt.php from the boltwire
>> site.
>> TOF.
>>
>>
>> On Friday, 20 June 2014 02:15:36 UTC+1, Dan wrote:
>>>
>>> A couple things I see right off.
>>>
>>> 1) Make sure the plugin is lowercase (crypt.php) in config.php. BoltWire
>>> probably won't pick it up if it's upper case.
>>>
>>> 2) You have to enable the plugin for the page that uses it. ie, in site
>>> config put
>>>
>>> enableCrypt: action.password (not login* -- which means for all login
>>> pages)
>>>
>>> Also, I rewrote the password changer solution page and uploaded a new
>>> crypt plugin. You might want to get those just to make sure there's not
>>> some other problem.
>>>
>>> Cheers,
>>> Dan
>>>
>>>
>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "BoltWire" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To post to this group, send email to [email protected]
>> <javascript:>.
>> Visit this group at http://groups.google.com/group/boltwire.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"BoltWire" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/boltwire.
For more options, visit https://groups.google.com/d/optout.
