iJay

Reputation: 4293

What is Joomla 2.5 Password Encryption method?

I'm developing a web site using Joomla 2.5. I have included another sample site within the above parent site. From this child site I'm going to add new users to the database, but these two sites use different methods for password encryption.

I found something on the web described as Joomla encryption, but it doesn't seem to be working.

    function genRandomPassword($length = 32)
    {
        $salt     = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $makepass = '';
        mt_srand(10000000 * (double) microtime());
        for ($i = 0; $i < $length; $i++) {
            $makepass .= $salt[mt_rand(0, 61)];
        }
        return $makepass;
    }

    if ( strlen($_POST['pwd']) > 100 )
    {
        $_POST['pwd'] = substr( $_POST['pwd'], 0, 100 );
    }

    $salt = genRandomPassword();
    $pass= md5(stripslashes($_POST['pwd']).$salt) .':'.$salt;

Isn't this the method, or where am I going wrong?

Thank you

Upvotes: 0

Views: 6464

Answers (3)

Developer

Reputation: 3998

I don't think we can get the salt in new Joomla versions. The pattern of dividing password and salt with ":" is no longer used by Joomla.

I had to log the user in from an external source using the Joomla username and password. This works for 2.5.24 (as I worked on this version when I used it; hopefully it should work with Joomla 3.x.x as well).

I'm doing this login functionality with the following code in the function called

    onUserAuthenticate($credentials, $options, &$response)

This is how I log the user in:

    // Get a database object
    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    // Look the account up by username or e-mail; Quote() escapes the submitted value
    $query->select('id, password');
    $query->from('#__users');
    $query->where('username = ' . $db->Quote($credentials['username']) . ' OR email = ' . $db->Quote($credentials['username']));

    $db->setQuery($query);
    $result = $db->loadObject();

    if ($result)
    {
        // Check the submitted password against the stored hash
        $match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);

        if ($match === true)
        {
            $user = JUser::getInstance($result->id); // Bring this in line with the rest of the system
            $response->email    = $user->email;
            $response->fullname = $user->name;

            if (JFactory::getApplication()->isAdmin())
            {
                $response->language = $user->getParam('admin_language');
            }
            else
            {
                $response->language = $user->getParam('language');
            }

            $response->status        = JAuthentication::STATUS_SUCCESS;
            $response->error_message = '';
        }
    }

Hope this helps someone!!

Upvotes: 1

RemoRoid

Reputation: 47

I found the answer:

A. The user typed the password - 'testing'

B. Take from the database the record which you saved for this user: 5cf56p85sf15lpyf30c3fd19819p58ly:aNs1L5PajsIscupUskaNdPenustelsPe

C. Concatenate the user's password with the second part of the record (from step B) -> testingaNs1L5PajsIscupUskaNdPenustelsPe

D. Generate the MD5 of step C

E. Compare the result of step C with the first part of the record from step B (5cf56p85sf15lpyf30c3fd19819p58ly); if it's the same, it means the user typed the correct password

Upvotes: 3

iJay

Reputation: 4293

Finally found the way; I think this will help someone else :)

    if (strlen($_POST['pwd']) > 100)
    {
        $_POST['pwd'] = substr($_POST['pwd'], 0, 100);
    }

    $salt = genRandomPassword();
    // $pass is the encrypted password
    $pass = md5(stripslashes($_POST['pwd']) . $salt) . ':' . $salt;

Hash generation as follows:

    function genRandomPassword($length = 32)
    {
        $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $len = strlen($salt);
        $makepass = '';
        mt_srand(10000000 * (double) microtime());

        for ($i = 0; $i < $length; $i++) {
            $makepass .= $salt[mt_rand(0, $len - 1)];
        }

        return $makepass;
    }

Upvotes: 1
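
The `md5(password . salt):salt` record described in the answers above, checked with a constant-time comparison and replaced by a bcrypt hash on a successful login. This is an added example, not code from the posts or from Joomla; the function names `random_salt`, `legacy_hash` and `verify_stored` and the sample password are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example: the function names below are hypothetical, not Joomla APIs.

// Salt drawn from the CSPRNG rather than mt_rand() seeded with microtime().
function random_salt(int $length = 32): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $salt;
}

// Legacy record as described on this page: md5(password . salt) . ':' . salt
function legacy_hash(string $password, string $salt): string
{
    return md5($password . $salt) . ':' . $salt;
}

// Returns [bool $ok, ?string $replacement]; $replacement is a bcrypt hash to
// store in place of the old record, or null when nothing needs to change.
function verify_stored(string $password, string $stored): array
{
    if (strncmp($stored, '$2y$', 4) === 0) {           // already bcrypt
        $ok = password_verify($password, $stored);
        $stale = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT);
        return [$ok, $stale ? password_hash($password, PASSWORD_BCRYPT) : null];
    }
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2 || strlen($parts[0]) !== 32) {
        return [false, null];                          // not md5hex:salt
    }
    // hash_equals() compares in constant time, unlike == or ===
    $ok = hash_equals($parts[0], md5($password . $parts[1]));
    return [$ok, $ok ? password_hash($password, PASSWORD_BCRYPT) : null];
}

// Constructed sample data: enroll with the legacy format, then log in.
$record = legacy_hash('testing', random_salt());
[$ok, $upgraded] = verify_stored('testing', $record);
[$bad] = verify_stored('Testing', $record);
printf("legacy login ok: %s\n", var_export($ok, true));
printf("wrong password ok: %s\n", var_export($bad, true));
[$again, $rehash] = verify_stored('testing', $upgraded);
printf("bcrypt login ok: %s, rehash needed: %s\n",
    var_export($again, true), var_export($rehash !== null, true));
```

When the second return value is not null, write it back to the user's row so the salted-MD5 record is retired at the next login.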
