Question
I am migrating from Joomla 1.5 to WordPress and my client does not want users to have to re-register. So I am writing a WordPress plugin to match a user's password with what's in the jos_users table and then update their info in WordPress accordingly.
Everything I have read so far for Joomla's password authentication points me to the getCryptedPassword function:
http://docs.joomla.org/API15:JUserHelper/getCryptedPassword
My plugin is encrypting what the user enters the same way:
$db_password = explode(':', $query); // what's in the password field of jos_users
$salt = $db_password[1];
$string_to_be_hashed = $user_entered_pass . $salt;
$test_pass = md5($string_to_be_hashed);
$test_pass = $test_pass . ":" . $salt;
if ($test_pass === $query) { echo "success"; } // compare, do not assign
I have tested 3 accounts using this...but only 2 are authenticating.
Specifically: md5($password$salt):$salt != database password value
In the database, the password value for the account it is not working for appears to have used the same encryption and the same format ([md5hash]:salt). I know the password is correct because I can log in to the client's site with it.
In addition, I ran a search on the entire Joomla codebase for the getCryptedPassword function. In all cases, no explicit encryption method is sent - both the code and the documentation indicate that md5 is used by default.
Can anyone think of any places I should look for alternative encryption possibilities?
I have no idea where else to look or why this particular user account appears to be encrypting differently.
Answer 1:
In Joomla standards, the encryption is handled as follows.
jimport('joomla.user.helper');
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($password_choose, $salt);
$password = $crypt.':'.$salt;
You can run the comparison in a separate file by loading the entire Joomla framework into a single file in the root.
define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__) );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();
Also, you cannot decrypt the Joomla password. If you know the password (original text), then try with the WordPress password format.
Hope this helps.
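An added example (not from the original post, and not Joomla or WordPress code): a stand-alone check for the `[md5hash]:salt` format the question describes, using a constant-time comparison and reporting why a stored value fails. The function name `legacy_joomla_verify`, its return strings and the sample rows are constructed for illustration; treating a value without `:` as an unsalted md5 is an assumption.

```php
<?php
// Added example; legacy_joomla_verify() and its return strings are hypothetical,
// not part of the Joomla or WordPress API.
function legacy_joomla_verify($entered, $stored)
{
    $stored = trim($stored);               // stray whitespace from an export breaks equality
    $parts  = explode(':', $stored, 2);    // split on the first ':' only
    $hash   = strtolower($parts[0]);
    // Assumption: a value with no ':' is an unsalted md5 of the password.
    $salt   = isset($parts[1]) ? $parts[1] : '';

    if (!preg_match('/^[0-9a-f]{32}$/', $hash)) {
        return 'malformed';                // not an md5 hex digest: some other scheme
    }
    // Same construction as in the question: md5(password . salt).
    $candidate = md5($entered . $salt);
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($hash, $candidate) ? 'match' : 'mismatch';
}

// Constructed sample data standing in for jos_users rows (not real accounts).
$salt = 'constructedSalt0123456789ABCDEFG';
$rows = array(
    'salted'     => md5('s3cret-one' . $salt) . ':' . $salt,
    'unsalted'   => md5('s3cret-two'),
    'whitespace' => ' ' . md5('s3cret-three' . $salt) . ':' . $salt . "\n",
    'other'      => 'not-an-md5-value:' . $salt,
);
$attempts = array(
    'salted'     => 's3cret-one',
    'unsalted'   => 's3cret-two',
    'whitespace' => 's3cret-three',
    'other'      => 's3cret-four',
);

foreach ($rows as $name => $stored) {
    echo $name, ': ', legacy_joomla_verify($attempts[$name], $stored), PHP_EOL;
}
// A wrong password against a well-formed row reports 'mismatch'.
echo 'wrong: ', legacy_joomla_verify('guess', $rows['salted']), PHP_EOL;
```

On a `match`, a migration plugin would re-hash the entered password with WordPress's own `wp_set_password()` so the MD5 value no longer has to be kept.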
Source: https://stackoverflow.com/questions/15329424/password-authentication-inconsistent-hashes