cp.cgi
======
find:
----
use strict;
use Fcntl ':flock';
use UBBCGI qw(:cgi); # CGIPath/Modules/UBBCGI.pm
use UBBCGI::Carp qw(fatalsToBrowser set_message); # CGIPath/Modules/UBBCGI/Carp.pm
add after:
---------
##
# use MD5
##
use Digest::MD5 qw (md5 md5_hex md5_base64);
find:
----
&CheckPermission_CP;
my $cookie = cookie(
-name => "ubbadmin$vars_config{Cookie_Number}",
-value => [$username, $password, $status, $pn, $admin_num],
replace with:
------------
&CheckPermission_CP;
my $cookie = cookie(
-name => "ubbadmin$vars_config{Cookie_Number}",
-value => [$username, md5_hex(lc($password)), $status, $pn, $admin_num],
cp_lib.cgi
==========
find:
----
my @profile = &OpenProfile($profile_stuff[2]);
chomp($profile[1]);
chomp($profile[8]);
chomp($profile[15]);
$lcpw = lc($password);
$lcprofpw = lc($profile[1]);
if ($lcpw ne "$lcprofpw") {
replace with:
------------
my @profile = &OpenProfile($profile_stuff[2]);
chomp($profile[1]);
chomp($profile[8]);
chomp($profile[15]);
$lcpw = lc($password);
$lcprofpw = lc($profile[1]);
if (length($lcprofpw) < 32) {
$lcprofpw = md5_hex($lcprofpw);
}
if ($lcpw ne "$lcprofpw") {
ubb_lib.cgi
===========
find every:
----------
#lowercase everything
$lcpw = lc($profile[1]);
$lc_un = lc($profile[0]);
chomp($lc_pw_in = lc($pw)); # jic
chomp($lc_un_in = lc($un));
and add AFTER:
-------------
if (length($lcpw) < 32) {
$lcpw = md5_hex ($lcpw);
}
ubb_lib_misc.cgi
================
find:
----
-value => [$this_profile[0], $this_profile[1], $this_profile[15], $this_profile[21], $user_number, $this_profile[35], (split(/|/, $this_profile[38]))[2]],
replace with:
------------
-value => [$this_profile[0], md5_hex(lc($this_profile[1])), $this_profile[15], $this_profile[21], $user_number, $this_profile[35], (split(/|/, $this_profile[38]))[2]],
ubb_new_reply.cgi, ubb_new_topic.cgi
====================================
find:
----
$cookie4 = cookie(
-name => "ubber$vars_config{Cookie_Number}",
-value => [$this_profile[0], $this_profile[1], $this_profile[15], $this_profile[21], $user_number, $this_profile[35], (split(/|/, $this_profile[38]))[2]],
-path => '/',
-expires => '+2y'
);
replace with:
------------
$cookie4 = cookie(
-name => "ubber$vars_config{Cookie_Number}",
-value => [$this_profile[0], md5_hex(lc($this_profile[1])), $this_profile[15], $this_profile[21], $user_number, $this_profile[35], (split(/|/, $this_profile[38]))[2]],
-path => '/',
-expires => '+2y'
);
ubb_profile.cgi
===============
find:
----
$cookie2 = cookie(
-name => "ubber$vars_config{Cookie_Number}",
-value => [$user_profile[0], $new_password, $public_name, $in{DaysPrune}, $in{u}, $pntf_hidden, $avhide],
-path => '/',
-expires => '+2y'
);
replace with:
------------
$cookie2 = cookie(
-name => "ubber$vars_config{Cookie_Number}",
-value => [$user_profile[0], md5_hex(lc($new_password)), $public_name, $in{DaysPrune}, $in{u}, $pntf_hidden, $avhide],
-path => '/',
-expires => '+2y'
);
ultimate.cgi
============
find:
----
use strict;
use Fcntl ':flock';
use UBBCGI qw(:cgi); # CGIPath/Modules/UBBCGI.pm
use UBBCGI::Carp qw(fatalsToBrowser set_message); # CGIPath/Modules/UBBCGI/Carp.pm
add after:
---------
##
# use MD5
##
use Digest::MD5 qw (md5 md5_hex md5_base64);
find:
----
chomp(my $writeadmin = (&OpenProfile($profile_number))[4]);
chomp(my $this_un = (&OpenProfile($profile_number))[0]);
chomp(my $this_pw = (&OpenProfile($profile_number))[1]);
replaye with:
------------
chomp(my $writeadmin = (&OpenProfile($profile_number))[4]);
chomp(my $this_un = (&OpenProfile($profile_number))[0]);
chomp(my $this_pw = (&OpenProfile($profile_number))[1]);
$this_pw = md5_hex (lc($this_pw));
find:
----
my $cookie = cookie(
-name => "ubber$vars_config{Cookie_Number}",
-value => [$this_un, $this_pw, $pubname, $dp, $profile_number, $hidden, $noav],
-path => '/',
-expires => '+2y'
);
$username = $in{username};
replace with:
------------
my $cookie = cookie(
-name => "ubber$vars_config{Cookie_Number}",
-value => [$this_un, md5_hex(lc($this_pw)), $pubname, $dp, $profile_number, $hidden, $noav],
-path => '/',
-expires => '+2y'
);
$username = $in{username};
find:
----
# reconfirm user data- in case profile details were changed
if ($username ne '') {
my @this_profile = &verify_id_num_2($username, $password, $user_number);
chomp($this_profile[1]);
chomp($this_profile[0]);
chomp($this_profile[21]);
chomp($this_profile[15]);
chomp($this_profile[35]);
if ($this_profile[15] eq '') { $this_profile[15] = "$this_profile[0]"; }
$cookie3 = cookie(
-name => "ubber$vars_config{Cookie_Number}",
-value => [$this_profile[0], $this_profile[1], $this_profile[15], $this_profile[21], $user_number, $this_profile[35], (split(/|/, $this_profile[38]))[2]],
-path => '/',
-expires => '+2y'
);
}
replace with:
------------
# reconfirm user data- in case profile details were changed
if ($username ne '') {
my @this_profile = &verify_id_num_2($username, $password, $user_number);
chomp($this_profile[1]);
chomp($this_profile[0]);
chomp($this_profile[21]);
chomp($this_profile[15]);
chomp($this_profile[35]);
if ($this_profile[15] eq '') { $this_profile[15] = "$this_profile[0]"; }
$cookie3 = cookie(
-name => "ubber$vars_config{Cookie_Number}",
-value => [$this_profile[0], md5_hex(lc($this_profile[1])), $this_profile[15], $this_profile[21], $user_number, $this_profile[35], (split(/|/, $this_profile[38]))[2]],
-path => '/',
-expires => '+2y'
);
}