
More Secure Login
Broken plugin locks out of wp admin (5 posts)

  1. HacKan
    Member
    Posted 1 year ago #

    Plugin v 1.0.3
    When trying to log in:
    Warning: file_put_contents(/var/www/wordpress/hashBWALL) [function.file-put-contents]: failed to open stream: No such file or directory in /__removed__/public_html/test/wp-content/plugins/ballast-security-securing-hashing/BallastSecurityHasher.php on line 340

    Warning: Wrong parameter count for strstr() in /__removed__/public_html/test/wp-content/plugins/ballast-security-securing-hashing/BallastSecurityHasher.php on line 146

    So I can't log back in. This was a test installation, so no problem. I'm gonna delete it and restore the password via mysql admin.
    However, this is a very serious issue...

    http://wordpress.org/extend/plugins/baw-more-secure-login/

  2. HacKan
    Member
    Posted 1 year ago #

    Well, I was checking the code... first of all, the second error:
    143 else if($this->StartsWith($hash, '$BPBK$100k$'))
    144 {
    145 $saltAndhash = substr($hash, 11);
    146 $salt = strstr($saltAndhash, '$', true);
    147 $hash = substr(strstr($saltAndhash, '$'), 1);
    148 $realHash = base64_encode($this->BSPBKDF2($password, base64_decode($salt), 100000));
    149 return ($hash == $realHash);
    150 }

    I can't see the error here, the line is correctly formatted :S

    --------
    now the first one:

    338 function wp_check_password($password, $hash, $user_id = '')
    339 {
    340 file_put_contents("/var/www/wordpress/hashBWALL", "hash = $hash\n", FILE_APPEND);
    341 global $wp_hasher;
    342 $wp_hasher = new BallastPHPHash();

    well, clearly I dunno how it is expecting to write /var/www/wordpress/hashBWALL xD

  3. HacKan
    Member
    Posted 1 year ago #

    OK, I found out that the second error is due to my server's PHP version. That function supports the third param as of PHP v5.3.0; my svr has... a bit older one...
    Would u consider changing that line for a more compatible one?

    might be solved this way:

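    function rstrstr($haystack, $needle, $start = 0)
        {
            // Part of $haystack before the first $needle, like strstr($haystack, $needle, true) in PHP >= 5.3.0
            $pos = strpos($haystack, $needle, $start);
            // Return false when $needle is absent, as strstr() does
            return ($pos === false) ? false : substr($haystack, $start, $pos - $start);
        }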

    http://www.php.net/manual/es/function.strstr.php#103577
    I was actually thinking of doing something like that xD

  4. HacKan
    Member
    Posted 1 year ago #

    yep, that definitely solves the 2nd issue :)
    for the first one, I simply commented out that line; I dunno what that was doing there, it seems to be for debugging purposes, is it?

    will u apply those changes officially? just to be sure there's no drawback here, 'cause I know almost nothing about PHP

    edit: I've just noticed, the plugin says version 1.2, yet WordPress says 1.0.3

    here is the plugin modified: http://pastebin.com/HqxVnj3A

    regards,
    HacKan

  5. BallastSecurity
    Member
    Posted 1 year ago #

    lol, wrong support forums. This is a completely unrelated plugin by an unrelated author. To be honest though, he is a bit of a jerk, so I had a good laugh.

    You are looking for http://wordpress.org/extend/plugins/ballast-security-securing-hashing/ which I develop.
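
An added example, not code from the thread or from the plugin: the `$BPBK$100k$` check quoted in post 2, rewritten so that parsing does not depend on the PHP 5.3 third argument of strstr(), malformed stored values fail closed, nothing is written to a debug file, and the comparison uses hash_equals() instead of ==. The bpbk_* names are hypothetical, and PBKDF2-HMAC-SHA256 with a 32-byte output is an assumption standing in for the plugin's BSPBKDF2(), whose body the thread does not show; it needs PHP 5.6 or later.

```php
<?php
// Added example, not the plugin's code. Assumption: PBKDF2-HMAC-SHA256 with a
// 32-byte raw output stands in for the plugin's BSPBKDF2(), which the thread
// does not show. Requires PHP >= 5.6 (hash_pbkdf2, hash_equals).

const BPBK_PREFIX = '$BPBK$100k$';
const BPBK_ITERATIONS = 100000;

// Split "$BPBK$100k$<b64 salt>$<b64 hash>" without strstr()'s third argument.
// Returns array(salt_bytes, hash_b64), or null when the value is malformed.
function bpbk_parse($stored)
{
    if (strncmp($stored, BPBK_PREFIX, strlen(BPBK_PREFIX)) !== 0) {
        return null;
    }
    $parts = explode('$', substr($stored, strlen(BPBK_PREFIX)));
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null;                        // missing or extra '$' separator
    }
    $salt = base64_decode($parts[0], true); // strict mode rejects non-base64 input
    return ($salt === false) ? null : array($salt, $parts[1]);
}

// Derive the base64 hash for a password and raw salt (assumed parameters).
function bpbk_derive($password, $salt)
{
    return base64_encode(hash_pbkdf2('sha256', $password, $salt, BPBK_ITERATIONS, 32, true));
}

function bpbk_check($password, $stored)
{
    $parsed = bpbk_parse($stored);
    if ($parsed === null) {
        return false;                       // fail closed: no warnings, no debug output
    }
    // hash_equals() is constant-time and never compares numerically, unlike ==.
    return hash_equals($parsed[1], bpbk_derive($password, $parsed[0]));
}

// Constructed sample data, not taken from any real installation.
$salt   = 'constructed-salt';
$stored = BPBK_PREFIX . base64_encode($salt) . '$' . bpbk_derive('correct horse', $salt);

var_dump(bpbk_check('correct horse', $stored));
var_dump(bpbk_check('wrong password', $stored));
var_dump(bpbk_check('correct horse', '$BPBK$100k$no-separator'));
```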

Topic Closed

This topic has been closed to new replies.
