Xenforo Password Authentication Problrm -


following password stored hash:

$p$di4mxjkukkjrfzrpffssndassn3xag0

i trying authenticate xenforo password this:

$newhash = $crypt($userpass, $stored_hash); return $newhash === $stored_hash; 

for example:

my password is: 123456

my password stored hash is: $p$di4mxjkukkjrfzrpffssndassn3xag0

so writing following code authenticate:

$newhash = crypt("123456", "$p$di4mxjkukkjrfzrpffssndassn3xag0"); return $newhash === "$p$di4mxjkukkjrfzrpffssndassn3xag0"; 

can 1 suggest me how can authenticate?

thanks in advance.

you have compare new hash old 1 this:

$existinghash = "$p$di4mxjkukkjrfzrpffssndassn3xag0"; $newhash = crypt("123456", $existinghash); $issamepassword = $newhash === $existinghash; 

i recommend use hash algorithm backwards compatibility, new hashes should use slow algorithm cost factor. easiest , safest way use password_hash() function:

// hash new password storing in database. // function automatically generates cryptographically safe salt. $hashtostoreindb = password_hash($password, password_bcrypt);  // check if hash of entered login password, matches stored hash. // salt , cost factor extracted $existinghashfromdb. $ispasswordcorrect = password_verify($password, $existinghashfromdb); 

edit:

after quick research found out signature $p$ used phpass library, in case no safe hash algorithm available. in absence of alternatives uses iterated md5 hash scheme. try include phpass library (the code available) check hashes.


Comments

Popular posts from this blog

c++ - Difference between pre and post decrement in recursive function argument -

php - Nothing but 'run(); ' when browsing to my local project, how do I fix this? -

php - How can I echo out this array? -