Xenforo Password Authentication Problrm -
following password stored hash:
$p$di4mxjkukkjrfzrpffssndassn3xag0
i trying authenticate xenforo password this:
$newhash = $crypt($userpass, $stored_hash); return $newhash === $stored_hash;
for example:
my password is: 123456
my password stored hash is: $p$di4mxjkukkjrfzrpffssndassn3xag0
so writing following code authenticate:
$newhash = crypt("123456", "$p$di4mxjkukkjrfzrpffssndassn3xag0"); return $newhash === "$p$di4mxjkukkjrfzrpffssndassn3xag0";
can 1 suggest me how can authenticate?
thanks in advance.
you have compare new hash old 1 this:
$existinghash = "$p$di4mxjkukkjrfzrpffssndassn3xag0"; $newhash = crypt("123456", $existinghash); $issamepassword = $newhash === $existinghash;
i recommend use hash algorithm backwards compatibility, new hashes should use slow algorithm cost factor. easiest , safest way use password_hash() function:
// hash new password storing in database. // function automatically generates cryptographically safe salt. $hashtostoreindb = password_hash($password, password_bcrypt); // check if hash of entered login password, matches stored hash. // salt , cost factor extracted $existinghashfromdb. $ispasswordcorrect = password_verify($password, $existinghashfromdb);
edit:
after quick research found out signature $p$
used phpass library, in case no safe hash algorithm available. in absence of alternatives uses iterated md5 hash scheme. try include phpass library (the code available) check hashes.
Comments
Post a Comment