Thursday, May 20, 2010

How are stored passwords in Joomla 1.5?

Hi everybody,

my community "toworktogether" created with Joomla is coming at the end: now I'm working on an application (expandable) to offer some utilities to administrators. This application requires a login, so we have to implement that, but there's a problem...Looking at jos_users table in my database, I discovered that passwords are not stored simply using md5, but by 1.5 version when the password is created, it's hashed with a 32 character salt that is appended to the end of the password string. Finally, the password is stored as {TOTAL HASH}:{ORIGINAL SALT}. So I report my Php script for verifying if the login is right (I use a library for executing queries and password and username are passed using post).

$mydb=new Database("db_host","db_user","db_psw","db_name");
$cred=$mydb->doQuery("SELECT username,password FROM jos_users where username='".$_POST['user']."'");


     //Username not found. Exit script..



     //Password verified. Access to service..

     //Password is wrong. Exit script..
This is a simple guideline, obviously if you wanna implement something that uses login with Joomla users, you have to use sessions.

::See you next post::

No comments:

Post a Comment