Joomla Login for using G2 as standalone

karlja

Joined: 2008-08-14
Posts: 1

Posted: Thu, 2008-08-14 09:58

Hi,

I have been experiencing a lot of trouble when trying to use my embeddeded G2 from it's standalone site. Which also included problems when logging in with Gallery Remote or other upload tools.
You had to do a password recovery to login with Gallery Remote.

So I worked out a little hack to include the Joomla login in the G2 login routine. The hack leaves the original G2 login working while adding the Joomla login.
Joomla 1.0.15
G2 2.2.5

To apply this hack you have to open the /modules/core/classes/GalleryUser.class in your G2 folder and add the following lines of code to the isCorrectPassword-function (around line 174):


    list($hash, $salt) = explode(':', $valid);
    $check_password = md5( $password . $salt ).":".$salt;
    if(!strcmp($check_password, $valid)) {
        return true;
    }

The entire isCorrectPassword-function then has to look like this:


function isCorrectPassword($password) {
    $valid = $this-&gt;getHashedPassword();
/* JOOMLA!!! - Start */
    list($hash, $salt) = explode(':', $valid);
    $check_password = md5( $password . $salt ).":".$salt;
    if(!strcmp($check_password, $valid)) {
        return true;
    }
/* JOOMLA!!! - End */
    $salt = substr($valid, 0, 4);
    /* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: */
    $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
    if (!strcmp($guess, $valid)) {
        return true;
    }
    /* Passwords with &lt;&amp;"&gt; created by G2 prior to 2.1 were hashed with entities */
    GalleryUtilities::sanitizeInputValues($password, false);
    $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
    return !strcmp($guess, $valid);
    }

For the original G2 login it is extremely important to add the hack before $salt is defined as substring of $valid.

I hope this hack is helpful for everyone experiencing the same problem. If you experience any problems with this hack, please let me know.

cya
Karlja

karlja Joined: 2008-08-14 Posts: 1	Posted: Thu, 2008-08-14 09:58
	Hi, I have been experiencing a lot of trouble when trying to use my embeddeded G2 from it's standalone site. Which also included problems when logging in with Gallery Remote or other upload tools. You had to do a password recovery to login with Gallery Remote. So I worked out a little hack to include the Joomla login in the G2 login routine. The hack leaves the original G2 login working while adding the Joomla login. Joomla 1.0.15 G2 2.2.5 To apply this hack you have to open the /modules/core/classes/GalleryUser.class in your G2 folder and add the following lines of code to the isCorrectPassword-function (around line 174): `list($hash, $salt) = explode(':', $valid); $check_password = md5( $password . $salt ).":".$salt; if(!strcmp($check_password, $valid)) { return true; }` The entire isCorrectPassword-function then has to look like this: function isCorrectPassword($password) { $valid = $this->getHashedPassword(); /* JOOMLA!!! - Start / list($hash, $salt) = explode(':', $valid); $check_password = md5( $password . $salt ).":".$salt; if(!strcmp($check_password, $valid)) { return true; } / JOOMLA!!! - End / $salt = substr($valid, 0, 4); / Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: / $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); if (!strcmp($guess, $valid)) { return true; } / Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */ GalleryUtilities::sanitizeInputValues($password, false); $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); return !strcmp($guess, $valid); } For the original G2 login it is extremely important to add the hack before $salt is defined as substring of $valid. I hope this hack is helpful for everyone experiencing the same problem. If you experience any problems with this hack, please let me know. cya Karlja
	XUser login Username: * Password: * Create new account Request new password

Joomla Login for using G2 as standalone

XUser login