using php to create a joomla user password?

前端未结

关注

 5  664

I\'m trying to create a custom registration component for Joomla, and I was wondering if anyone knew how to create the correct password encryption for joomla? Joomla passwor

相关标签:

5条回答

臣服心动

2020-12-09 13:22

You can go to /libraries/joomla/user and see the bind() function within user.php

All the users passwords creates in registration time will be in here.

0 讨论(0)
发布评论:

提交评论
- 加载中...
一整个雨季

2020-12-09 13:27
```
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword("yourpassword", $salt);
$password = $crypt.':'.$salt;
```
After a bit more searching i found my answer, thanks guys for your help :)

EDIT: I forgot to mention that you need to include this line before calling JUserHelper:

jimport('joomla.user.helper');
0 讨论(0)
发布评论:

提交评论
- 加载中...

再見小時候

2020-12-09 13:28

  //function to encrypt the string
    function encode5t($str)
    {
      for($i=0; $i<5;$i++)
      {
        $str=strrev(base64_encode($str)); //apply base64 first and then reverse the string
      }
      return $str;
    }

    //function to decrypt the string
    function decode5t($str)
    {
      for($i=0; $i<5;$i++)
      {
        $str=base64_decode(strrev($str)); //apply base64 first and then reverse the string}
      }
      return $str;
    }

In this function, i’ve encrypted the string 5 times with base64_encode and reversing the string with strrev() and for decrypting 5 times by reversing the string first then applying base64_decode() .

0 讨论(0)

日久生厌

2020-12-09 13:31
From joomla Forum, that's what happen behind:
1. Generate a password
2. Generate 32 random characters
3. Concatenate 1 and 2
4. md5(3)
5. store 4:2
Example:
1. Generate a password - we'll use 'password'
2. Generate 32 random characters - we'll use 'WnvTroeiBmd5bjGmmsVUnNjppadH7giK'
3. Concatenate 1 and 2 - passwordWnvTroeiBmd5bjGmmsVUnNjppadH7giK
4. md5(3) - 3c57ebfec712312f30c3fd1981979f58
5. store 4:2 - 3c57ebfec712312f30c3fd1981979f58:WnvTroeiBmd5bjGmmsVUnNjppadH7giK
0 讨论(0)
发布评论:

提交评论
- 加载中...
花落未央

2020-12-09 13:37
+1 for storing the hash of the password rather than storing the password itself.

To protect against precomputation attacks you should use a random salt. Additionaly it's probably a good idea to use a stronger hashing algorithm such as SHA-256 which I think is supported on PHP. See Secure hash and salt for PHP passwords for more information.

I don't know PHP, but most languages have a library that supports md5 and (and other hashing algorithms) PHP appears to also. I found this:
```
string md5 ( string $str [, bool $raw_output = false ] )
```
Calculates the MD5 hash of str using the » RSA Data Security, Inc. MD5 Message-Digest Algorithm, and returns that hash.

Here's an example:
```
<?php
$password = 'apple';

if (md5($password) === '1f3870be274f6c49b3e31a0c6728957f') {
    echo "Password correct";
}
?>
```
0 讨论(0)
发布评论:

提交评论
- 加载中...