[英]using php to create a joomla user password?
I'm trying to create a custom registration component for Joomla, and I was wondering if anyone knew how to create the correct password encryption for joomla? 我正在尝试为Joomla创建一个自定义注册组件,我想知道是否有人知道如何为joomla创建正确的密码加密? Joomla passwords look like this :
Joomla密码看起来像这样:
fbae378704687625a410223a61c66eb1:VM6DwmVWHTwpquDq51ZXjWWADCIc93MR fbae378704687625a410223a61c66eb1:VM6DwmVWHTwpquDq51ZXjWWADCIc93MR
Which I believe are md5 (or something) and one way encryption? 我相信md5(或其他东西)和单向加密? Am just looking for a php code of sorts to create that same encryption.
我只是在寻找各种PHP代码来创建相同的加密。
Cheers 干杯
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword("yourpassword", $salt);
$password = $crypt.':'.$salt;
After a bit more searching i found my answer, thanks guys for your help :) 经过一番搜索,我找到了答案,谢谢你的帮助:)
EDIT: I forgot to mention that you need to include this line before calling JUserHelper: 编辑:我忘了提到你需要在调用JUserHelper之前包含这一行:
jimport('joomla.user.helper'); jimport( 'joomla.user.helper');
From joomla Forum, that's what happen behind: 来自joomla论坛,这就是背后发生的事情:
Example: 例:
+1 for storing the hash of the password rather than storing the password itself. +1用于存储密码的哈希值,而不是存储密码本身。
To protect against precomputation attacks you should use a random salt. 为防止预计算攻击,您应该使用随机盐。 Additionaly it's probably a good idea to use a stronger hashing algorithm such as SHA-256 which I think is supported on PHP.
另外,使用更强大的散列算法(如SHA-256)可能是一个好主意,我认为它支持PHP。 See Secure hash and salt for PHP passwords for more information.
有关更多信息,请参阅用于PHP密码的Secure hash和salt 。
I don't know PHP, but most languages have a library that supports md5 and (and other hashing algorithms) PHP appears to also. 我不懂PHP,但是大多数语言都有一个支持md5的库和(以及其他哈希算法),PHP似乎也是如此。 I found this:
我找到了这个:
string md5 ( string $str [, bool $raw_output = false ] )
Calculates the MD5 hash of str using the » RSA Data Security, Inc. MD5 Message-Digest Algorithm, and returns that hash. 使用»RSA Data Security,Inc。MD5消息摘要算法计算str的MD5哈希值,并返回该哈希值。
Here's an example: 这是一个例子:
<?php
$password = 'apple';
if (md5($password) === '1f3870be274f6c49b3e31a0c6728957f') {
echo "Password correct";
}
?>
You can go to /libraries/joomla/user
and see the bind()
function within user.php
您可以转到
/libraries/joomla/user
并查看user.php
的bind()
函数
All the users passwords creates in registration time will be in here. 注册时间内创建的所有用户密码都将在此处。
//function to encrypt the string
function encode5t($str)
{
for($i=0; $i<5;$i++)
{
$str=strrev(base64_encode($str)); //apply base64 first and then reverse the string
}
return $str;
}
//function to decrypt the string
function decode5t($str)
{
for($i=0; $i<5;$i++)
{
$str=base64_decode(strrev($str)); //apply base64 first and then reverse the string}
}
return $str;
}
In this function, i've encrypted the string 5 times with base64_encode and reversing the string with strrev() and for decrypting 5 times by reversing the string first then applying base64_decode() . 在这个函数中,我使用base64_encode对字符串进行了5次加密,并使用strrev()反转字符串,并通过首先反转字符串然后应用base64_decode()来解密5次。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.