简体   繁体   中英

using php to create a joomla user password?

I'm trying to create a custom registration component for Joomla, and I was wondering if anyone knew how to create the correct password encryption for joomla? Joomla passwords look like this :

fbae378704687625a410223a61c66eb1:VM6DwmVWHTwpquDq51ZXjWWADCIc93MR

Which I believe are md5 (or something) and one way encryption? Am just looking for a php code of sorts to create that same encryption.

Cheers

$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword("yourpassword", $salt);
$password = $crypt.':'.$salt;

After a bit more searching i found my answer, thanks guys for your help :)

EDIT: I forgot to mention that you need to include this line before calling JUserHelper:

jimport('joomla.user.helper');

From joomla Forum, that's what happen behind:

  1. Generate a password
  2. Generate 32 random characters
  3. Concatenate 1 and 2
  4. md5(3)
  5. store 4:2

Example:

  1. Generate a password - we'll use 'password'
  2. Generate 32 random characters - we'll use 'WnvTroeiBmd5bjGmmsVUnNjppadH7giK'
  3. Concatenate 1 and 2 - passwordWnvTroeiBmd5bjGmmsVUnNjppadH7giK
  4. md5(3) - 3c57ebfec712312f30c3fd1981979f58
  5. store 4:2 - 3c57ebfec712312f30c3fd1981979f58:WnvTroeiBmd5bjGmmsVUnNjppadH7giK

+1 for storing the hash of the password rather than storing the password itself.

To protect against precomputation attacks you should use a random salt. Additionaly it's probably a good idea to use a stronger hashing algorithm such as SHA-256 which I think is supported on PHP. See Secure hash and salt for PHP passwords for more information.

I don't know PHP, but most languages have a library that supports md5 and (and other hashing algorithms) PHP appears to also. I found this:

string md5 ( string $str [, bool $raw_output = false ] )

Calculates the MD5 hash of str using the » RSA Data Security, Inc. MD5 Message-Digest Algorithm, and returns that hash.

Here's an example:

<?php
$password = 'apple';

if (md5($password) === '1f3870be274f6c49b3e31a0c6728957f') {
    echo "Password correct";
}
?>

You can go to /libraries/joomla/user and see the bind() function within user.php

All the users passwords creates in registration time will be in here.

  //function to encrypt the string
    function encode5t($str)
    {
      for($i=0; $i<5;$i++)
      {
        $str=strrev(base64_encode($str)); //apply base64 first and then reverse the string
      }
      return $str;
    }

    //function to decrypt the string
    function decode5t($str)
    {
      for($i=0; $i<5;$i++)
      {
        $str=base64_decode(strrev($str)); //apply base64 first and then reverse the string}
      }
      return $str;
    }

In this function, i've encrypted the string 5 times with base64_encode and reversing the string with strrev() and for decrypting 5 times by reversing the string first then applying base64_decode() .

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM