Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
In this Discussion
- aery May 2012
- luisgzafra May 2012
- peregrine May 2012
- x00 May 2012
How vanilla encodes passwords?
luisgzafra
newb
in Questions
How vanilla encodes passwords?
I saw it was in md5, but not sure, can you clarify me?
Best Answer
-
luisgzafra
newb
I have to use it in another script that is not vanilla, so it was like this:
$Vanilla_PasswordHash = new PasswordHash(); $a = $Vanilla_PasswordHash->HashPassword('123456'); echo $Vanilla_PasswordHash->CheckPassword('123456', $a, 'Vanilla'); echo $a;Now all I have to change the subdomain HashMethod vanilla to the site, a random string or something.
Although return different strings, it works.
Solved, Thanks! ;)
*How do i thank on this board? ¿Karma or something?
Answers
passeords are in md5 hash
- Spam
- Abuse
- Troll
0 • Off Topic Insightful Awesome LOL •sort of.
you can use different ways. the default is phppass
which is simular to md5 and uses it in it algorithm
http://www.openwall.com/phpass/
Don't PM about development, I'm not currently taking on clients.
grep is your friend.
- Spam
- Abuse
- Troll
1 • Off Topic Insightful 1Awesome LOL •actually not quite
Don't PM about development, I'm not currently taking on clients.
grep is your friend.
- Spam
- Abuse
- Troll
1 • Off Topic Insightful 1Awesome LOL •For example, for 123456 it save in User (table), Password = $P$BrCcPc.mOwmL.7dO6EExggauzt0YqG/
For 111111 I need get the hash.
I only need encode.
I'm seeing PasswordHash class, I'll look phpass
- Spam
- Abuse
- Troll
0 • Off Topic Insightful Awesome LOL •Don't PM about development, I'm not currently taking on clients.
grep is your friend.
- Spam
- Abuse
- Troll
0 • Off Topic Insightful Awesome LOL •I saw that, but generates a random string is not always the same pass.
I need it when creating a new site, insert the password of the administrator.
I think the HashMethod row has something to do.
- Spam
- Abuse
- Troll
0 • Off Topic Insightful Awesome LOL •$PasswordHash->CheckPassword('123456', '$P$BrCcPc.mOwmL.7dO6EExggauzt0YqG/', 'Vanilla');returns true.
I'm still seeing this class.
- Spam
- Abuse
- Troll
0 • Off Topic Insightful Awesome LOL •Yes you need both the stored hash and the suposed password to check. This is an extra layer of security.
They are not directly compared, in effect phppass uses crypt_private to retrieve the actual hash that can be compared to the storedhash
Have a look at CheckPassword
Don't PM about development, I'm not currently taking on clients.
grep is your friend.
- Spam
- Abuse
- Troll
1 • Off Topic Insightful 1Awesome LOL •HashMethod row determines whether you are goign to use phppass in the first place.
Don't PM about development, I'm not currently taking on clients.
grep is your friend.
- Spam
- Abuse
- Troll
1 • Off Topic Insightful 1Awesome LOL •so the method is if there is already a record you need both the stored has hash the password to create a hash to compare to the stored hash. Make sense?
Don't PM about development, I'm not currently taking on clients.
grep is your friend.
- Spam
- Abuse
- Troll
1 • Off Topic Insightful 1Awesome LOL •so the user either exist, or you create them.
Don't PM about development, I'm not currently taking on clients.
grep is your friend.
- Spam
- Abuse
- Troll
1 • Off Topic Insightful 1Awesome LOL •You must also add $portable_hashes = 'vanilla'.
- Spam
- Abuse
- Troll
0 • Off Topic Insightful Awesome LOL •I leave it written for anyone else who needed it in the future ...
- Spam
- Abuse
- Troll
0 • Off Topic Insightful Awesome LOL •luisgzafra said:
You click like on x00's comments.
factoid: Most questions have been previously answered, try the search box first, please provide your Vanilla version Number!
Peregrine's Addons - donations gladly accepted for "successful solutions" and addons - kind of like tipping a waiter at a restaurant
- Spam
- Abuse
- Troll
1 • Off Topic Insightful 1Awesome LOL •Thanks @peregrine!
- Spam
- Abuse
- Troll
0 • Off Topic Insightful Awesome LOL •