Joomla 3.2.1 password encryption

前端 未结 3 1337
北海茫月
北海茫月 2020-11-27 18:35

When the user register on the site , and I look in the database joomla_users in the password table, there are password stored in the following formats:

  • $P$D

相关标签:
3条回答
  • 2020-11-27 19:14

    Try this,

    The following piece of code is creating Joomla standard password (Older Version 1.5,1.7 etc).

     jimport('joomla.user.helper');
     $salt = JUserHelper::genRandomPassword(32);
     $crypt = JUserHelper::getCryptedPassword($password_choose, $salt);
     $password = $crypt.':'.$salt;
    

    Joomla 3.2+ introduced PHP's password algorithm bcrypt but it required a minimum PHP 5.3+ If you plan to use bcrypt make sure your server PHP version is capable for this, read more here.

    The other Version of Joomla Using the following methods (Joomla 3.x)

     jimport('joomla.user.helper');
     $yourpass = JUserHelper::hashPassword($password_choose);
    

    The older algorithm also works fine in latest version too , only difference is older version creates a 65 character password and new one creates 34 character string. always go with updated version

    Also if you are using external script should include Joomla framework like below. This should at very top of your external php file

    define( '_JEXEC', 1 );
    define('JPATH_BASE', dirname(__FILE__) );//this is when we are in the root
    define( 'DS', DIRECTORY_SEPARATOR );
    
    require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
    require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
    
    $mainframe =& JFactory::getApplication('site');
    $mainframe->initialise();
    

    Also you mentioned you have to check users credential then no need to check password format and all thing just use below codes after framework loads.

       $credentials['username'] = $data['username']; //user entered name
       $credentials['password'] = $data['password']; //users entered password
       $app = JFactory::getApplication();
       $error = $app->login($credentials, $options);
       if (!JError::isError($error)) {
        // login success
        }
      else{
        //Failed attempt
       }
    

    hope it helps..

    0 讨论(0)
  • 2020-11-27 19:15

    Joomla's default user class no longer uses salted MD5 to hash the password. The bind function of the JUser class now calls JUserHelper::hashPassword($array['password']) to encrypt the password.

    That function is currently this:

    public static function hashPassword($password)
        {
                // Use PHPass's portable hashes with a cost of 10.
                $phpass = new PasswordHash(10, true);
    
                return $phpass->HashPassword($password);
        }
    

    And that means that it now relies on PHPass which you can read more about here: http://www.openwall.com/phpass/. Based on reading just the intro of this site, I'm guessing that the encryption is now bcrypt instead of MD5, but Joomla may have overriden the default encryption.

    0 讨论(0)
  • 2020-11-27 19:22

    With David Fritsch answer I get to do a encrypted password as Joomla does:

    <?php
        define( '_JEXEC', 1 );
        define('JPATH_BASE', dirname(__FILE__) );//this is when we are in the root
        define( 'DS', DIRECTORY_SEPARATOR );
    
        require_once( JPATH_BASE .DS.'includes'.DS.'defines.php' );
        require_once( JPATH_BASE .DS.'includes'.DS.'framework.php' );
    
        $mainframe =& JFactory::getApplication('site');
        $mainframe->initialise();
    
        jimport('joomla.user.helper');
        $password = "test";     
        echo "<strong>Password: </strong>" . JUserHelper::hashPassword($password);
    ?>
    

    Note that you have to store the file in joomla root directory, or change JPATH_BASE.

    0 讨论(0)
提交回复
热议问题