User authentication

Posted: Sat Jan 12, 2008 6:26 am
by v1rax
Hello, I'm making an application that will be hosted on a different server from my Joomla installation. I want this application to use my Joomla user DB.

So far I've finished the registration system... works perfectly (users registered from the remote server log in without problem on Joomla).

I figured out how to insert the password in the DB using Joomla's format "md5($password.$salt):salt"... now I need help with comparing the user input login password to the encoded password in the DB jos_users.

I'm not very good at PHP; help would be appreciated.

Note: I use a remote MySQL connection to interact with my Joomla DB from the remote server.

Re: User authentication

Posted: Sun Jan 13, 2008 2:16 am
by ianmac
Well...  say you had the user's password...  how would you get the value to match the one in the database?

You have answered the question yourself really...

You insert the password, hash it using md5 ($password.$salt):salt...  right?

So, you have password...  and you can get the salt...

So calculate md5( $password.$salt ) and compare it to the value in the database.

Ian

Re: User authentication

Posted: Sun Jan 13, 2008 2:21 am
by v1rax
OK, let's say I create a user with this info... username:test password:test, then delete that user and remake it with the same info... would it have the same salt and hash as the first one?

Oh, and I understand what to do with comparing the values now... thanks

Re: User authentication

Posted: Sun Jan 13, 2008 2:27 am
by ianmac
No, the salt must be randomly generated every time you save a password.  Just store the new salt along with the password.

Ian

Re: User authentication

Posted: Sun Jan 13, 2008 2:33 am
by v1rax
Hmm, I'm having some problems...

I'm thinking that I'm going to have to do the same "md5 ($password.$salt):salt" with the user input from the login form to be able to compare it with what's in the DB. This would result in the creation of a different salt... or is there a way to decrypt the DB info and change it to plain text so I can compare it with the user input?

Re: User authentication

Posted: Sun Jan 13, 2008 2:42 am
by ianmac
When comparing,

get the salt from the database, add it to the password, and md5 hash it.

This value should equal the hashed value stored in the database.

Ian

Re: User authentication

Posted: Sun Jan 13, 2008 2:46 am
by v1rax
The original salt is stored as "hashed password:original salt" in the password field... how can I get the original salt without getting the hashed password too?

Thanks for helping :D

Re: User authentication

Posted: Sun Jan 13, 2008 2:18 pm
by ianmac
Just grab the part after the colon.

Ian

Re: User authentication

Posted: Tue Jan 15, 2008 5:02 am
by v1rax
Hey, thanks, something like this did it! :D

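Code:

    // Escape the username before it is interpolated into the query
    $safe_user = mysql_real_escape_string($username);
    $result = mysql_query("select password from jos_users where username='$safe_user' limit 1");
    // Stored value is "md5(password.salt):salt"; the salt is the part after the colon
    $passw = explode(":", mysql_result($result, 0));
    $after_sqlt = $passw[1];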
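
The full login check discussed in this thread, as an added example that is not part of any of the posts above: look up the stored "md5($password.$salt):salt" value with a bound parameter, split off the salt, recompute the hash and compare it in constant time. The function names, the in-memory SQLite table standing in for the remote Joomla database, and the sample user are assumptions made for illustration; it needs PHP 7.1 or later with PDO SQLite.

```php
<?php
// Added example. Function names and the sample table contents are constructed.

function make_legacy_hash(string $password): string {
    $salt = bin2hex(random_bytes(16));           // fresh random salt on every save
    return md5($password . $salt) . ':' . $salt;
}

function verify_legacy_hash(string $password, string $stored): bool {
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2 || $parts[1] === '') {
        return false;                            // no salt part: treat as a failed login
    }
    [$hash, $salt] = $parts;
    // hash_equals() compares in constant time, unlike == or ===
    return hash_equals($hash, md5($password . $salt));
}

function check_login(PDO $db, string $username, string $password): bool {
    // Prepared statement: the username is bound, never interpolated into the SQL
    $stmt = $db->prepare('SELECT password FROM jos_users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();              // false when no such user exists
    return $stored !== false && verify_legacy_hash($password, (string) $stored);
}

// Constructed stand-in for the remote Joomla database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jos_users (username TEXT, password TEXT)');
$ins = $db->prepare('INSERT INTO jos_users VALUES (?, ?)');
$ins->execute(['test', make_legacy_hash('test')]);

var_dump(check_login($db, 'test', 'test'));      // correct password
var_dump(check_login($db, 'test', 'wrong'));     // wrong password
var_dump(check_login($db, "o'brien", 'test'));   // quote in username is bound as data
// Saving the same password twice yields two different stored values
var_dump(make_legacy_hash('test') === make_legacy_hash('test'));
```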