PHP how sha1 get this?

Question

I have my own little website and encrypting with sha1, now i try connect it to a SMF forum, but the sha1 codes is not the same?

My code

$password = "thisisatestpass";
$encrypted_password=sha1($password);
echo $encrypted_password; //03d858ce5f3b29b153b0392f196cff6f6e8684d0

SMF: 78481983d348ce4fbfabaccbb59af8ea95471f0c

Answer 1

Looking into the source code of SMF 2.0.8 (Profile-Modify.php) you can see that the password is generated as follows:

// Go then.
$passwd = sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd1']));

Please be aware that you need SMF un_htmlspecialchars() function in order to get 100% correct results.

Answer 2

I got it, you don't need the SALT to do this, all you need is the username and the password.

The PHP code looks like this:

$username = "name";
$password = "pass";

$login = sha1($username.$password);

I asked for this and i just needed some time to try many ways, then this one worked. Thx any way guys :)

Answer 3

You'll need to find the salt used and then try to hash with

sha1($the_salt.$password);

You should try looking for the hash with phpMyAdmin in the tables used by SMF. And according to what I see on smf support forums, using an alternate integration with hooks must be more robust (keeping in mind the changes done to hashing in the previous versions)

Answer 4

According to this thread, SMF salts the password with the lowercased username before passing it through sha1.

Try sha1(strtolower($your_username) . $password);

Answer 5

As i know, SMF use salt for hashes. So, try to look for salt in database.