EDIT: I'm doing that from Perl ...
For now I have to read registered customers data from it's database. Easy I say because DBI is here to help me. Then I spotted they are encrypted - which I expected.
OK, let's check in the code how they are encrypted... And after searching through file I find a call to tep_encrypt_password() function. And I have no idea where is it calling it from. I mean ...
And I search, tried even (Windows) search files option (Yes I do plan to move to Linux, just don't have time right now), nada ... Luckily Google knows about it :) I would love to be able to do such a thing with something Perl ....... if (tep_validate_password($password_current, $check_customer['customer +s_password'])) { tep_db_query("update " . TABLE_CUSTOMERS . " set customers_pas +sword = '" . tep_encrypt_password($password_new) . "' where customers +_id = '" . (int)$customer_id . "'"); ....
So then I found it ...
Then - same story with function tep_rand() .... and it also took me some time to figure what's going on with variables too. And I find myself as intelligent - I don't want to brag around, but let's say that my IQ is somewhat above average. Although I am "blond" and it's kinda 2 AM ...//// // This function makes a new password from a plain text password. function tep_encrypt_password($plain) { $password = ''; for ($i=0; $i<10; $i++) { $password .= tep_rand(); } $salt = substr(md5($password), 0, 2); $password = md5($salt . $plain) . ':' . $salt; return $password; }
I mean, password gets generated randomly, then it's encrypted, part of it used as salt to actually encrypt the real password ($plain) and then it's all put into that same variable that started as empty ...
I've just realised how much I like Perl and OOP :) !!!
PS. I've just realised that what I was looking for is actually
... and I wonder what is tep_not_null and where to find it ... ;)function tep_validate_password($plain, $encrypted) { if (tep_not_null($plain) && tep_not_null($encrypted)) { // split apart the hash / salt $stack = explode(':', $encrypted); if (sizeof($stack) != 2) return false; if (md5($stack[1] . $plain) == $stack[0]) { return true; } } return false; }
Retitled by davido from 'Would somebody like to comment this part of (PHP) code?'.
Considered (b10m): Delete: Marking something 'OT' isn't a freecard for posting total non-Perl related stuff
Unconsidered (holli): Enough Keep Votes (Keep/Edit/Delete: 8/0/4)
Retitled by g0n from 'OT: Would somebody like to comment this part of (PHP) code?'.
In reply to Would somebody like to comment this part of (PHP) code? by techcode
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |