SMF 2.1 bridge - Page 2 SMF 2.1 bridge - Page 2
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

SMF 2.1 bridge

Started by skulls, December 19, 2014, 10:43:32 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

lurkalot

Thanks for looking into this Greg. 

Might pay to look at the current official SMF 2.1 repo https://github.com/SimpleMachines/SMF2.1

Things change here almost daily.
Running SMF 2.1.4  / Tinyportal 3.0.1, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

keithsnell1

Quote from: lurkalot on November 19, 2015, 07:43:53 PM
I also need this bridge.  We already adapted a version of Tinyportal 2 for SMF 2.1 beta 2. http://cctestsite.info/testsite3/  So when SMF 2.1 goes gold I'll want to switch asap.

That's good to know.  :)

Also good to know that you have adapted Tinyportal to work with SMF 2.1.  I'm using Tinyportal as well, so it's good to know it will continue to work with SMF 2.1.

Thank you for responding.  I'll continue with my upgrades for now, but it sure would be nice to know that I'm not working towards a dead end.

keithsnell1

Quote from: gmc on November 19, 2015, 09:44:39 PM
If I can better understand the issue - certainly willing to help..
(I don't have a 2.1 forum to play with yet - but I can fix that shortly...)

Greg

Thank you Greg.  I have way too many images in my galleries to try to make a clean break from Coppermine. 

I wish I could help with the coding but you guys are WAY over my head.

Thanks for looking into this.

Keith

gmc

I have my testbed now... SMF 2.1 Beta 2 and CPG 1.5.40.
And can certainly confirm bridging doesn't work... lol...
Never end up logged in to CPG.

I need to dig deeper into where the problem really is...
Welcome for pointers/suggestions from those that have coded more in the bridging area... It's not one that I've worked on before - but willing to dig in and learn.
Thanks!
Greg
My Coppermine Gallery
Need a web hosting account? See my gallery for an offer for CPG Forum users.
Send me money

lurkalot

Quote from: gmc on November 20, 2015, 01:08:25 AM
I have my testbed now... SMF 2.1 Beta 2 and CPG 1.5.40.
And can certainly confirm bridging doesn't work... lol...
Never end up logged in to CPG.


That's what I found.  Just in case you missed it http://forum.coppermine-gallery.net/index.php/topic,77951.msg376846.html#msg376846

I'm pretty sure it worked until they changed to BCrypt.  There's a link to that commit in that post I just linked to, and the post above it.
Running SMF 2.1.4  / Tinyportal 3.0.1, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

keithsnell1

Quote from: gmc on November 20, 2015, 01:08:25 AM
I have my testbed now... SMF 2.1 Beta 2 and CPG 1.5.40.
And can certainly confirm bridging doesn't work... lol...
Never end up logged in to CPG.

Progress!  :)

Thanks again for looking into this.

Keith

gmc

I looked at your link earlier lurkalot... That was where I got the quote from their commit.

I'm trying to figure why the password encryption change would break it - as we defer login/logout to the forum when bridged... As I understand it (and why I'm asking for suggestions) - is our login process is bypassed - and we use the session info to confirm login.
They changed cookies to sha512 at same time - but not seeing where we referenced sha256 either.

I'll read through the code as I can (my day job been hectic) - and piece together what we do unless someone else has some insight.

SMF indicates at least one more beta coming before it goes live... Of course means they can change things again too.
Thanks!
Greg
My Coppermine Gallery
Need a web hosting account? See my gallery for an offer for CPG Forum users.
Send me money

lurkalot

Quote from: gmc on November 20, 2015, 01:34:39 AM

SMF indicates at least one more beta coming before it goes live... Of course means they can change things again too.

That's the reason I've had trouble getting help with this problem from the SMF team.  They always advise to hold off on building mods and themes until nearer release.   There's been quite a few changes between betas so far. If I find out anything of use I'll pass it on to you straight away.
Running SMF 2.1.4  / Tinyportal 3.0.1, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

dpaulat

I've created an SMF bridge for 2.1.x for cpg1.6.x at the following link:
https://github.com/coppermine-gallery/cpg1.6.x/pull/17

I don't have a 1.5.x instance to test with, but the changes were relatively minor from the 2.0.x bridge.  As follows are differences between smf20.inc.php and smf21.inc.php:

21,22c21,22
<         'full_name' => 'Simple Machines (SMF) 2.0.x',
<         'short_name' => 'smf20',
---
>         'full_name' => 'Simple Machines (SMF) 2.1.x',
>         'short_name' => 'smf21',
86c86
<                 'password' => 'SHA1(CONCAT(passwd, password_salt))', // name of the password field in the users table
---
>                 'password' => 'SHA2(CONCAT(passwd, password_salt), 512)', // name of the password field in the users table
122c122
<                 $data = unserialize($superCage->cookie->getRaw($this->cookie_name));
---
>                 $data = json_decode($superCage->cookie->getRaw($this->cookie_name));
124c124
<                 if (is_numeric($data[0]) && preg_match('/^[A-F0-9]{40}$/i', $data[1])) {
---
>                 if (is_numeric($data[0]) && preg_match('/^[A-F0-9]{128}$/i', $data[1])) {


The important part is the change from a 160-bit hash to 512-bit, as well as the cookie format.  The bcrypt implementation doesn't matter, as what both compares have already been run through bcrypt.  This works with the latest beta version on the release-2.1 branch.

phill104

Many thanks for your excellent contributions
It is a mistake to think you can solve any major problems just with potatoes.

theqe2story

Hi there,

Deliberately replying to an old topic, as its hugely relevant!

SMF 2.0.16. was released a couple of days ago, and it changes how the Cookie works - which breaks the bridge (with my 1.5.48 anyway) - as I understand it, it now works the same with SMF 2.0.16 as it does in SMF 2.1.

The developers have posted this information about it :- https://www.simplemachines.org/community/index.php?topic=570989

Thanks for any assistance with this.

- Rob

lurkalot

Quote from: theqe2story on December 29, 2019, 06:09:08 PM
Hi there,

Deliberately replying to an old topic, as its hugely relevant!

SMF 2.0.16. was released a couple of days ago, and it changes how the Cookie works - which breaks the bridge (with my 1.5.48 anyway) - as I understand it, it now works the same with SMF 2.0.16 as it does in SMF 2.1.

The developers have posted this information about it :- https://www.simplemachines.org/community/index.php?topic=570989

Thanks for any assistance with this.

- Rob

Although the works much the same as SMF 2.1 the 2.1 bridge won't work for SMF 2.0 as far as I'm aware.  Just wanted to note this.  ;)

I didn't upgrade my main site running SMF 2.0.15 bridge with Coppermine because I hadn't tested it with 2.0.16 prior to release.  Wish I had now.   I did upgrade my test site which broke the bridge, and have now rolled it back to 2.0.15 until this is fixed. 

Also getting depreciated warnings on my bridge manager running in php 7.2
Running SMF 2.1.4  / Tinyportal 3.0.1, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

ron4mac

#32
Attached a quick fix for CPG 1.5.48 SMF20 bridge in another thread.
And attached here is the same fix for CPG 1.6.x
Backwards compatible with SMF2.0.x versions prior to 2.0.16

lurkalot

Thanks Ron, I'll give it a test.  ;)
Running SMF 2.1.4  / Tinyportal 3.0.1, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

lurkalot

#34
Ron.  I'm not having any luck with this one, although I'm showing as bridged in the database the login isn't being shared at all.  Logged in on SMF but not in Coppermine unfortunately. I'm running Coppermine 1.6.06

Sorry, ignore that.  Works a treat.  Not sure what happened must have uploaded the wrong file or something.  Thank you Ron.   ;)
Running SMF 2.1.4  / Tinyportal 3.0.1, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

GL700Wing

Quote from: ron4mac on December 29, 2019, 09:21:35 PM
Attached a quick fix for CPG 1.5.48 SMF20 bridge in another thread.
And attached here is the same fix for CPG 1.6.x
Backwards compatible with SMF2.0.x versions prior to 2.0.16
Perfect - worked like a charm!  Thanks!!

rbradbury

Quote from: ron4mac on December 29, 2019, 09:21:35 PM
Attached a quick fix for CPG 1.5.48 SMF20 bridge in another thread.
And attached here is the same fix for CPG 1.6.x
Backwards compatible with SMF2.0.x versions prior to 2.0.16
Many thanks from me, too.  Works for my bridged setup (SMF 2.0.16)
Just in case you're scratching your head about how to update your gallery, I used the following steps which may or may not all be necessary...
1. Unbridge the forum and gallery (access bridge manager by appending /bridgemgr.php to the end of your gallery URL). Your login is your standalone Coppermine admin credentials
2. Rename the existing smf20.inc.php file to something like smf20.inc.php.old
3. Download, unzip and the upload the patch to your gallery/bridge folder
4. Log in as standalone Coppermine admin. Navigate to Config>bridge manager and run the bridging wizard. https://documentation.coppermine-gallery.net/en/bridging.htm

theqe2story

Just to let you know I just upgraded my Coppermine Gallery from 1.5.48 to 1.6.7 - bridge stopped working - this file fixed it.

Thank you so much for this.

1.6.7 working perfecting with SMF 2.0.17.