Issue with EE 2.4 - Githubissues

designbyfront / LDAP-Authentication-for-ExpressionEngine

An ExpressionEngine Extension that allows the authentication of users via LDAP. LDAP details are copied to the EE database before standard MySQL authentication is performed. If user is not found on LDAP, MySQL authentication will still be performed (useful for EE users not in LDAP)

http://www.designbyfront.com

30 stars 16 forks source link

Issue with EE 2.4 #12

Open ghost opened 12 years ago

ghost commented 12 years ago

I am on EE 2.4 and it looks like one of the functions that this plugin uses has been deprecated. I am seeing the following error being thrown in my developer log

The system has detected an add-on that is using outdated code that may stop working or cause issues with the system. What does this mean? Deprecated function hash() called in \nce_ldap\ext.nce_ldap.php on line 246. Deprecated since 2.0. Use Security_helper::do_hash instead.

Any chance this can be patched?

EpicVoyage commented 12 years ago

This warning only means that the EE team expects to remove that function in a future release. It won't hurt anything yet.

ghost commented 12 years ago

Thanks,

Just want to make sure that this will be updated to utilize the new method. My organization uses this plugin to log in and this would be very big show stopper for us.

Joe Gengler | Information Technology Services Supervisor University Union and The Well Collaborative Services Sacramento State | 6000 J Street, Sacramento CA 95819-6017 t: 916-278-2249 | f: 916-278-4850 | e: jgengler@csus.edu www.union.csus.edu

Sent from my iPhone

On Apr 30, 2012, at 10:37 AM, DagaDagareply@reply.github.com wrote:

This warning only means that the EE team expects to remove that function in a future release. It won't hurt anything yet.

Reply to this email directly or view it on GitHub: https://github.com/designbyfront/LDAP-Authentication-for-ExpressionEngine/issues/12#issuecomment-5422890

EpicVoyage commented 12 years ago

I'm not the developer, but this is the only change you should need (note that I have not tested it):

--- ext.nce_ldap.orig.php   2012-05-03 03:33:22.000000000 -0500
+++ ext.nce_ldap.php    2012-05-03 03:33:31.000000000 -0500
@@ -243,7 +243,8 @@
    function sync_user_details($user_info)
    {
            // Sync EE password to match LDAP (if account exists)
-           $encrypted_password = $this->EE->functions->hash(stripslashes($user_info['password']));
+           $this->EE->load->helper('security');
+           $encrypted_password = do_hash(stripslashes($user_info['password']));
            $sql = 'UPDATE exp_members SET password = \''.$this->EE->db->escape_str($encrypted_password).'\' WHERE username = \''.$this->EE->db->escape_str($user_info['username']).'\'';
            $this->debug_print('Updating user with SQL: '.$sql);
            $this->EE->db->query($sql);

ElusiveMind commented 12 years ago

I made this modification in our code and it works great. I've patched it and am trying to contribute this and an Active Directory patch back to the project. Contact me for details.

dmulvi commented 9 years ago

The do_hash function is also pulled out of EE now. I'm using 2.10.1 as of this writing. Found an SO article that suggested changing to the native php hash function. So now change:

$encrypted_password = $this->EE->functions->hash(stripslashes($user_info['password']));

to:

$encrypted_password = hash('sha1',stripslashes($user_info['password']));