Wednesday 6 May 2009

Recreating the Joomla 1.5 password from an outside application

The Problem: I need to recreate the procedure that produces the hashed password stored in the user table of our MySQL database, which was created by Joomla.


-> This post, http://forum.joomla.org/viewtopic.php?f=432&t=207689, has the following tip.

###############################

Joomla! 1.5 uses md5 to hash the passwords. When the passwords are created, they are hashed with a 32 character salt that is appended to the end of the password string. The password is stored as {TOTAL HASH}:{ORIGINAL SALT}.

To see how this is tested for authentication take a look at plugins/authentication/joomla.php lines 80-116.

###################################

So here's the solution.

-> we do a mysql search on the username and get the password.

-> split it at : and the second part is the Salt.

-> $pwd_partone = md5($pwd.$salt);
$pwd = $pwd_partone.':'.$salt;

and we should be able to get in.

Here's the code I have that works ->

<?php
// let's find out what the password in the database is for this user
// ($uid comes from the login form, so escape it before it goes into the query)
$sql1 = "SELECT * FROM jos_users WHERE username = '" . mysql_real_escape_string($uid) . "'";

$rst1 = mysql_query($sql1);
$row1 = mysql_fetch_array($rst1);
// no row means no such user; an empty string can never match below
$full_password = $row1 ? $row1['password'] : '';
// now we have the password we'll need to split it into 2 at the ':' mark
$password_array = explode(':', $full_password);
// let's name those two elements to make it clear what's going on
list($full_hashed_password,$salt) = $password_array ;
// the next bit adds the salt to the pwd we have entered from our form
$pwd_partone = md5($pwd.$salt);
// let's rebuild the new password so we can check it against the one we have in the database
$pwd_revised = $pwd_partone.':'.$salt;
// all good to check now: compare against the complete "hash:salt" string from the database
if ( $pwd_revised === $full_password){
echo 'the password matches';
$login_success = TRUE;
} else {
echo 'the password doesn\'t match :(';
$login_success = FALSE;
}

?>
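
A hardened version of the same check, as an added example that is not the original post's code: it looks the user up through PDO with a bound parameter instead of building the SQL string, rejects stored values that are not in {hash}:{salt} form, and compares with hash_equals. The function names joomla15_verify and joomla15_login, the sample users and the in-memory SQLite table standing in for MySQL are assumptions made for illustration.

```php
<?php
// Added example: verify a Joomla 1.5 style "{md5(password.salt)}:{salt}" value.
// Requires PHP 5.6+ (hash_equals) and the pdo_sqlite driver for the demo table.

// Returns true only when $password reproduces the stored hash.
function joomla15_verify($password, $stored)
{
    // Split on the first ':' only; a value without a salt part is rejected.
    $parts = explode(':', (string) $stored, 2);
    if (count($parts) !== 2 || $parts[1] === '') {
        return false;
    }
    list($hash, $salt) = $parts;
    // An md5 digest is exactly 32 hex characters; anything else is malformed.
    if (!preg_match('/^[0-9a-f]{32}$/i', $hash)) {
        return false;
    }
    // hash_equals compares in constant time and never type-juggles.
    return hash_equals(strtolower($hash), md5($password . $salt));
}

// Looks the user up with a bound parameter, so $username is never parsed as SQL.
function joomla15_login(PDO $db, $username, $password)
{
    $stmt = $db->prepare('SELECT password FROM jos_users WHERE username = ?');
    $stmt->execute(array($username));
    $stored = $stmt->fetchColumn();   // false when no such user
    return $stored !== false && joomla15_verify($password, $stored);
}

// Constructed demo data: an in-memory SQLite table stands in for the MySQL one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jos_users (username TEXT, password TEXT)');
$salt = 'abcdefghijklmnopqrstuvwxyz012345';   // constructed 32-character salt
$ins = $db->prepare('INSERT INTO jos_users VALUES (?, ?)');
$ins->execute(array('alice', md5('correct horse' . $salt) . ':' . $salt));
$ins->execute(array('legacy', md5('nosalt')));   // constructed malformed row

var_dump(joomla15_login($db, 'alice', 'correct horse'));   // matching password
var_dump(joomla15_login($db, 'alice', 'wrong'));           // wrong password
var_dump(joomla15_login($db, "o'brien", 'x'));             // quote stays a literal
var_dump(joomla15_login($db, 'legacy', 'nosalt'));         // no ':salt' part
```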


BE WARNED THOUGH

It's not over yet: the next stage is to make sure you check the privileges. At present all users will have access, unless that's what you want of course.
