Fork me on GitHub

#1 2015-09-15 22:00:54

sazearte
Member
From: France
Registered: 2013-10-23
Posts: 234

how work new hash password ?

Hey, for create oneye password, i use md5(md5("mypassword")); and insert in <password> tag.

But today, oneye introduce new hash and tag "password_hash", and how create password ?

For example, how convert this texte: "mypassword" to oneye hash ?

Thanks for advance.

Last edited by sazearte (2015-09-15 22:01:50)

Offline

#2 2015-09-16 11:12:39

Wolfy
Member
Registered: 2015-05-12
Posts: 313

Re: how work new hash password ?

Thanks, sazearte for pointing out the update.  I might have missed it.  I am a little concerned.

"Using HTTPS is recommended."

How strongly recommended?  What happens if I'm not able to use https?


Wolfy
https://www.facebook.com/groups/oneye/
Currently accepting new users...  http://www.OS1.hawkwolf.net
onEye admins: OS1 is a beta testing hotbed. Non-core apps available upon request.

Offline

#3 2015-09-17 13:50:23

lars-sh
Administrator
From: near Hamburg, Germany
Registered: 2011-07-14
Posts: 731
Website

Re: how work new hash password ?

1. Instead of md5($password . md5($password)) oneye's using password_hash($password, PASSWORD_DEFAULT) to hash user passwords. This is limited to PHP >= 5.5.0! Other systems will continue using the former way. In the account's XML we're using "pasword-hash" instead of "password" to differentiate both. Old passwords are migrated automatically once a user logs in the next time.

You can read more about password_hash at http://php.net/manual/function.password-hash.php .

2. Using password_hash broke the way, oneye secured your passwords while logging in. 'til now passwords were transferred in a hashed form. Now they're transferred in plain text.

As all other oneye data transfer is done un-encrypted, this has been just a "small" piece of security. Using HTTPS fixes it all - and certificates got a lot cheaper over time.


Best regards,
Lars Knickrehm

The oneye project.

Offline

#4 2015-09-17 19:18:58

sazearte
Member
From: France
Registered: 2013-10-23
Posts: 234

Re: how work new hash password ?

ok thank's for your help !

Offline

#5 2015-09-21 14:30:02

Wolfy
Member
Registered: 2015-05-12
Posts: 313

Re: how work new hash password ?

Just checked into SSL from my site5 host.  The least expensive certificate costs $50 per year.  Not "bad" but not "good" either.  I just can't justify any expense on a system that can't generate any income.

edit- It also appears I will need a dedicated IP address before being granted the SSL certificate.  A dedicated IP is something I've wanted (if nothing else but to setup a permanent FTP site), but that costs an additional $36 per year.  Now we're up to $86 per year, and I will still run into problems where I will need a VPS ($40 per month or $480 per year).

Last edited by Wolfy (2015-09-21 15:23:34)


Wolfy
https://www.facebook.com/groups/oneye/
Currently accepting new users...  http://www.OS1.hawkwolf.net
onEye admins: OS1 is a beta testing hotbed. Non-core apps available upon request.

Offline

#6 2015-09-21 22:16:00

Wolfy
Member
Registered: 2015-05-12
Posts: 313

Re: how work new hash password ?

I installed oneye-master clean on localhost.  I can't login at all.  so maybe you mean that SSL is now required?  Not worth it.


Wolfy
https://www.facebook.com/groups/oneye/
Currently accepting new users...  http://www.OS1.hawkwolf.net
onEye admins: OS1 is a beta testing hotbed. Non-core apps available upon request.

Offline

#7 2015-09-21 22:17:37

lars-sh
Administrator
From: near Hamburg, Germany
Registered: 2011-07-14
Posts: 731
Website

Re: how work new hash password ?

It's not.


Best regards,
Lars Knickrehm

The oneye project.

Offline

#8 2015-09-21 22:58:48

Wolfy
Member
Registered: 2015-05-12
Posts: 313

Re: how work new hash password ?

seriously, can't log in.  It doesn't do the shake thing either.  Just sits there doing nothing.  Hmm, are you still only testing on edge?  Guess not, can't log on with edge either.

Last edited by Wolfy (2015-09-21 23:00:20)


Wolfy
https://www.facebook.com/groups/oneye/
Currently accepting new users...  http://www.OS1.hawkwolf.net
onEye admins: OS1 is a beta testing hotbed. Non-core apps available upon request.

Offline

#9 2015-09-21 23:13:36

lars-sh
Administrator
From: near Hamburg, Germany
Registered: 2011-07-14
Posts: 731
Website

Re: how work new hash password ?

Reset my repository and logged in using root/root.

Has nothing to do with Edge. But yes, I test server-side changes using Edge. Why not?


Best regards,
Lars Knickrehm

The oneye project.

Offline

#10 2015-09-21 23:53:47

Wolfy
Member
Registered: 2015-05-12
Posts: 313

Re: how work new hash password ?

I'll try again.  To me, but maybe not to you, edge is new and untested.  We've already found that something can work well on edge but not any other known browser.  So if you only test on edge, then you only know it works on edge.  When you asked me to beta test apps, I (obviously) took it very seriously.  I have 8 browsers installed under windows alone and god knows how many under the 2 dozen emulations at my fingertips.


Wolfy
https://www.facebook.com/groups/oneye/
Currently accepting new users...  http://www.OS1.hawkwolf.net
onEye admins: OS1 is a beta testing hotbed. Non-core apps available upon request.

Offline

#11 2015-09-22 01:06:11

Wolfy
Member
Registered: 2015-05-12
Posts: 313

Re: how work new hash password ?

yep, tried again with freshly unpacked copy using Opera32bit and Edge.  I got nothing.  No login, no hippy hippy shake, nada. It's dead Jim.  Continuing to try with the rest of my windows browsers:

Chrome = nothing
Chromium = nothing
Firefox = nothing
Opera64bit = nothing
Explorer = nothing

I guess I only have 7 browsers under windows, but it doesn't look like I can use this update for whatever reason (at least not without SSL cert).  sad


Wolfy
https://www.facebook.com/groups/oneye/
Currently accepting new users...  http://www.OS1.hawkwolf.net
onEye admins: OS1 is a beta testing hotbed. Non-core apps available upon request.

Offline

#12 2015-09-22 08:44:45

sazearte
Member
From: France
Registered: 2013-10-23
Posts: 234

Re: how work new hash password ?

it's strange because i'have not problem.

My be i have solution,
1) please copy the file oneye\system\system\services\um\modules\oneye.eyecode to oneye\system\system\services\um\modules\eyeos.eyecode

2) Have you updated the oneye\oneye\system\system\sec.xml  file ?

Last edited by sazearte (2015-09-22 08:47:01)

Offline

#13 2015-09-22 12:16:57

lars-sh
Administrator
From: near Hamburg, Germany
Registered: 2011-07-14
Posts: 731
Website

Re: how work new hash password ?

Wolfy, what PHP version are you using? I might have missed some line to handle PHP < 5.5.0.


Best regards,
Lars Knickrehm

The oneye project.

Offline

#14 2015-09-22 12:50:09

Wolfy
Member
Registered: 2015-05-12
Posts: 313

Re: how work new hash password ?

yeah, site5 has me stuck way down at 5.3.29 on centos5.11. 

So to keep it close to compatible on my windows machine I have to run 5.3.28 on localhost.  I complained about it,  so they installed 5.4 as an option. oh boy.  I would probably go ahead and take the update, but I couldn't find 5.4 for windows (it went straight to 5.6).  I tried to tell the jokers at site5 that I couldn't find 5.4 for windows, but dee 2 dee, they don't understand.


Wolfy
https://www.facebook.com/groups/oneye/
Currently accepting new users...  http://www.OS1.hawkwolf.net
onEye admins: OS1 is a beta testing hotbed. Non-core apps available upon request.

Offline

#15 2015-09-22 13:00:43

lars-sh
Administrator
From: near Hamburg, Germany
Registered: 2011-07-14
Posts: 731
Website

Re: how work new hash password ?

Check out http://windows.php.net/ for PHP 5.4 for Windows.

I'll check compatibility later today.


Best regards,
Lars Knickrehm

The oneye project.

Offline

#16 2015-09-22 13:11:23

Wolfy
Member
Registered: 2015-05-12
Posts: 313

Re: how work new hash password ?

ah, I see.  There it is.  I'll see if I can upgrade.  I was hoping they would give me 5.6, as I already have 5.6.11 installed, but whatever, I guess I can't have everything.  I can't remember if I need thread safe or not thread safe.

Last edited by Wolfy (2015-09-22 13:20:18)


Wolfy
https://www.facebook.com/groups/oneye/
Currently accepting new users...  http://www.OS1.hawkwolf.net
onEye admins: OS1 is a beta testing hotbed. Non-core apps available upon request.

Offline

#17 2015-09-22 14:48:25

lars-sh
Administrator
From: near Hamburg, Germany
Registered: 2011-07-14
Posts: 731
Website

Re: how work new hash password ?

Fixed. Shouldn't have updated the default root user's password^^


Best regards,
Lars Knickrehm

The oneye project.

Offline

#18 2015-09-22 21:57:39

Wolfy
Member
Registered: 2015-05-12
Posts: 313

Re: how work new hash password ?

yep, fixed.  works with my favorite, opera 32bit, anyway.  I keep saying I'm gonna switch to firefox and I downloaded a crapload of "developer" extensions for it, but for some reason, I still prefer opera.  Even after the original developer died and they threw out all his old code in favor of the chrome engine, I still feel most comfortable with opera.  His old  code is preserved in opera 64 bit.  So unlike most programs, the 32 bit and 64 bit versions are COMPLETELY different.  I would probably use 64 bit all the time, but there's a bug that prevents me from logging into site5 and a few other places.


Wolfy
https://www.facebook.com/groups/oneye/
Currently accepting new users...  http://www.OS1.hawkwolf.net
onEye admins: OS1 is a beta testing hotbed. Non-core apps available upon request.

Offline

#19 2015-10-08 21:56:27

Wolfy
Member
Registered: 2015-05-12
Posts: 313

Re: how work new hash password ?

You might think I'm a little crazy, but I'm trying to get facebook login to work. I ran around the facebook site for an hour while trying to make the javascript version to work. The site kept pointing me to the javascript vbersion, but I finally found the php version. If facebook login works, I might try to add google+ login too.  I know this would knock down a major barrier to the site's use and acceptance. 

Honestly, I hope the other web os developer's are totally oblivious to oneye right now, because in many ways that count, we are miles beyond even the most sophisticated of the competition.  Let them ignore us long enough to get some more of the kinks straightened out.  Unfortunately, 0.9.6 is not ready for prime time audience.  The only reason that I can use it as much as I do is simply familiarity with all the glitches, bugs and caveats. Many of the competition have the same problems that we do, but in many cases it's worse.  I really like the position of using the best web os, because I can cherry pick the best apps and avoid the crappy ones.


Wolfy
https://www.facebook.com/groups/oneye/
Currently accepting new users...  http://www.OS1.hawkwolf.net
onEye admins: OS1 is a beta testing hotbed. Non-core apps available upon request.

Offline

Board footer

Powered by FluxBB