堆栈内存溢出
  简体   繁体   English

如何根据 MediaWiki 用户表哈希密码验证密码?

[英]How to verify a password against MediaWiki user table hashed password?

 原文  2012-11-16 17:25:10       php/ hash/ passwords/ mediawiki

问题描述

I am trying to combine my chat application login with my MediaWiki login.我正在尝试将我的聊天应用程序登录名与我的 MediaWiki 登录名结合起来。 The chat application has an odd way of authenticating and I have modded it to work with a DB.聊天应用程序有一种奇怪的身份验证方式,我对其进行了修改以与数据库一起使用。

I am trying to match the password that the user inputs in the chat login with the one stored in the MediaWiki user table, but I cannot figure out how MediaWiki hashes its passwords.我试图将用户在聊天登录中输入的密码与 MediaWiki 用户表中存储的密码相匹配,但我无法弄清楚 MediaWiki 如何散列其密码。 I do know that I am using the default salted hashing.我确实知道我正在使用默认的加盐散列。 Does anyone have a function that can recreate this?有没有人有可以重新创建这个的功能?

I have tried:我试过了:

hash('md5', $password);

but there is more to it that I cannot figure out.但还有更多我无法弄清楚的。

2 个解决方案

解决方案1
 1  2012-11-16 17:40:46

If this wiki page is to be believed, to verify a password against the stored database value, you could do this:如果要相信此 wiki 页面,要根据存储的数据库值验证密码,您可以执行以下操作:

list($dummy, $type, $salt, $hash) = explode(':', $db_password);

$pwd_hash = md5($user_password);
if ($type == 'B' && md5("$salt-$pwd_hash") === $hash) {
    // yay success, type B
} elseif ($type == 'A' && $salt === $pwd_hash) {
    // yay success, type A
} else {
    // password is wrong or stored password is in an unknown format
}

Assuming $db_password is the database value and $user_password is the supplied password to verify against.假设$db_password是数据库值, $user_password是提供的密码以进行验证。

解决方案2
 1 已采纳  2012-11-16 17:49:49

This is all straight off the top of my head, but:这完全是我的头顶,但是:

<?php
//let's pretend these were entered by the user trying to authenticate
$username = 'ted';
$password = 'password';

//PDO-like syntax. I wrote my own class around it and I don't remember how to do it raw.
$query = "SELECT pw_hash FROM user_table WHERE username = ?";
$rs = $dbh->doQuery($query, array($username));
if( count($rs) == 0 ) { throw new Exception('no user'); }

//will be either
//:A:5f4dcc3b5aa765d61d8327deb882cf99
//:B:838c83e1:e4ab7024509eef084cdabd03d8b2972c

$parts = explode(':', $rs[0]['pw_hash']);
print_r($parts); //$parts[0] will be blank because of leading ':'

switch($parts[1]) {
    case 'A':
        $given_hash = md5($password);
        $stored_hash = $parts[2];
        break;
    case 'B':
        $given_hash = md5($parts[2] . md5($password));
        $stored_hash = $parts[3];
        break;
    default:
        throw new Exception('Unknown hash type');
        break;
}

if( $given_hash === $stored_hash) {
    echo "login was succesful.";
} else {
    echo "login failed.";
}

Props to Jack's comment on the question with this link to mediawiki docs.通过指向mediawiki 文档的链接,支持 Jack 对该问题的评论。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何验证哈希密码 - How to verify an hashed password 如何验证哈希密码? - how to verify the hashed password? 用户登录时如何验证哈希密码 - How to verify hashed password when a user logs in 密码验证无法将哈希密码与用户输入的密码进行比较 - password verify not working to compare hashed password with user entered password password_verify 用于哈希密码 - password_verify for hashed password 验证密码是否散列 - Verify a password is hashed 如何在 NodeJS 应用程序中验证 PHP 散列密码 - How to verify a PHP hashed password in a NodeJS app 如何针对数据库检查哈希密码 - How to check a hashed password against database 如何验证用户输入的密码是否与存储在MySQL数据库中的哈希密码匹配 - How to verify user entered password matches hashed password stored in MySQL database 如何验证数据库的密码? - How to verify password against database?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM