Flexible Content Management System


MD5 crypt will break your login password

Contributed by This will be address on Sep 21, 2001 - 02:18 AM

If you use a non-DES crypt as your default crypt, PHP will use it. But PostNuke is hardcoded to use a 2-character salt (i.e. a DES salt), so you will be unable to log in as any user. MD5 uses a 12-character salt. PHP sets a constant for the salt length, and it should be used instead of a hardcoded value.

The fix is trivial:

In user.php, replace:





P.S. PhpNuke also suffers from this, I believe.
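
The salt-length mismatch described above, as an added example (not PostNuke's code and not the fix from the original post): a check that takes a hardcoded 2-character salt rejects the correct password once the stored hash is MD5 crypt, while a check that slices by PHP's `CRYPT_SALT_LENGTH` constant accepts both formats. The function names, sample password and salts are constructed for illustration.

```php
<?php
// Added example. Function names, password and salts are constructed.

// Legacy pattern: assumes every stored hash begins with a 2-char DES salt.
function check_password_hardcoded(string $password, string $stored): bool
{
    $salt = substr($stored, 0, 2);              // "$1" for an MD5 crypt hash
    return hash_equals($stored, (string) crypt($password, $salt));
}

// Portable pattern: take the salt by the length PHP reports, so the
// scheme prefix and the full salt are both handed back to crypt().
function check_password_portable(string $password, string $stored): bool
{
    $salt = substr($stored, 0, CRYPT_SALT_LENGTH);
    return hash_equals($stored, (string) crypt($password, $salt));
}

$password = 'correct horse';                    // constructed sample

// Stored hashes as two differently configured systems would produce them.
$stored = [
    'DES crypt (2-char salt)'  => crypt($password, 'ab'),
    'MD5 crypt (12-char salt)' => crypt($password, '$1$abcdefgh$'),
];

foreach ($stored as $label => $hash) {
    printf(
        "%-26s hardcoded=%-5s portable=%s\n",
        $label,
        var_export(check_password_hardcoded($password, $hash), true),
        var_export(check_password_portable($password, $hash), true)
    );
}
```

Passing more of the stored hash than the salt is harmless, because `crypt()` reads only the scheme prefix and salt from its second argument.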