Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with Facebook Sign In with Google Sign In with OpenID Sign In with Twitter
Support for Vanilla Forums Cloud product

In this Discussion

Follow Us


Password encrypt type

edited February 2012 in Questions

I am trying to use vanilla users table on another Codeigniter app. But for that i need to know how is password hashed in vanilla so that i can compare it with the password entered by user upon login.

Help please to identify the method used.

Answers

  • hash and crypt are two different things, but they are both encodings. A hash is a one way encoding, it is not intended to be "decrypted".

    Actually you can use SSO like proxy connect, or jsconnect. Look them up in the documentation.

    Vanilla can use a a variety of hash methods.

    grep is your friend.

  • Yup i am going through proxyconnect plugin documentation but m unable to understand the part about setting up cookies. Can you help me please?

    I mean where i have to insert the code of setting the cookies?

    And is there any other way to change hash method of vanilla?

  • sahotataransahotataran Developer, Bay Area - CA ✭✭✭
    edited February 2012

    i found this setting in config-default.php

    $Configuration['Garden']['Cookie']['HashMethod']                = 'md5'; // md5 or sha1

    dont know if this is helpful to u in any respect

    Theme Charcha for great desktop and mobile experience! - drop me a message :)

  • @sahotataran Thanx but its not md5 once right? I meant how to make my password exactly same hash as the one stored in vanilla DB so that i can compare them both !

  • sahotataransahotataran Developer, Bay Area - CA ✭✭✭

    frankly i have no experieince with it - i am just looking for variables that might be useful to u

    check this setting -

    $Configuration['Garden']['Cookie']['Salt'] =

    i found it in config.php

    Theme Charcha for great desktop and mobile experience! - drop me a message :)

  • TimTim Lord of Servers Vanilla Staff

    In truth we use a library called 'phpass' which handles the hashing. It is not a 100% md5, as you can tell by the presence of the dollar signs.

    Read more about 'phpass' here http://www.openwall.com/phpass/

    Vanilla Forums Senior Developer [GitHub, Twitter, About.me]

Sign In or Register to comment.