My community "toworktogether", created with Joomla, is nearly finished: now I'm working on an (expandable) application to offer some utilities to administrators. This application requires a login, so we have to implement that, but there's a problem... Looking at the jos_users table in my database, I discovered that passwords are not stored simply as an md5 hash: as of version 1.5, when the password is created, it's hashed with a 32-character salt that is appended to the end of the password string. Finally, the password is stored as {TOTAL HASH}:{ORIGINAL SALT}. So here is my PHP script for verifying whether the login is right (I use a library for executing queries, and the password and username are passed using POST).
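$mydb = new Database("db_host", "db_user", "db_psw", "db_name");
// Escape the user name before it goes into the query string
// (assumes the Database library has opened a mysql_* connection)
$user = mysql_real_escape_string($_POST['user']);
$cred = $mydb->doQuery("SELECT username,password FROM jos_users WHERE username='" . $user . "'");
$row = mysql_fetch_array($cred);
if (!$row || $row['username'] == "") {
    // Username not found. Exit script..
    exit;
}
$psw = $_POST['psw'];
// The stored value is {TOTAL HASH}:{ORIGINAL SALT}
$field = explode(":", $row['password'], 2);
$md5 = $field[0];
$salt = $field[1];
// Strict comparison, so the two hash strings are never compared as numbers
if (md5($psw . $salt) === $md5) {
    // Password verified. Access to service..
} else {
    // Password is wrong. Exit script..
    exit;
}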
This is a simple guideline; obviously, if you want to implement something that uses login with Joomla users, you have to use sessions.
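The same check as a self-contained script, added here as an example and not part of the original post: it builds and verifies the {TOTAL HASH}:{ORIGINAL SALT} format, looks the user up with a bound parameter, and rejects stored values that are not in that form. The function names, the in-memory SQLite table standing in for jos_users, and the sample user, password and salt are assumptions; it needs PHP 5.6 or later with pdo_sqlite.

```php
<?php
// Added example, not the author's code. All data below is constructed.

// Build a stored value as the post describes: md5(password . salt) . ':' . salt
function make_joomla15_hash($password, $salt)
{
    return md5($password . $salt) . ':' . $salt;
}

// Verify a candidate password against a stored "{hash}:{salt}" value.
function verify_joomla15_hash($password, $stored)
{
    $parts = explode(':', $stored, 2);
    // Reject anything that is not hash:salt instead of comparing against junk.
    if (count($parts) !== 2 || strlen($parts[0]) !== 32 || $parts[1] === '') {
        return false;
    }
    list($hash, $salt) = $parts;
    // hash_equals() compares in constant time and never treats hashes as numbers.
    return hash_equals($hash, md5($password . $salt));
}

// Look the user up with a bound parameter, then verify the password.
function check_login(PDO $db, $user, $password)
{
    $stmt = $db->prepare('SELECT password FROM jos_users WHERE username = ?');
    $stmt->execute(array($user));
    $stored = $stmt->fetchColumn();   // false when no such user exists
    // Unknown user and wrong password give the same answer.
    return $stored !== false && verify_joomla15_hash($password, $stored);
}

// Constructed in-memory table standing in for jos_users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jos_users (username TEXT, password TEXT)');
$salt = 'abcdefghijklmnopqrstuvwxyz012345';   // 32 characters, constructed
$ins = $db->prepare('INSERT INTO jos_users VALUES (?, ?)');
$ins->execute(array('admin', make_joomla15_hash('sample-password', $salt)));
$ins->execute(array('broken', 'value-without-a-salt'));   // malformed row

var_dump(check_login($db, 'admin', 'sample-password'));   // known user, right password
var_dump(check_login($db, 'admin', 'wrong'));             // known user, wrong password
var_dump(check_login($db, "o'neil", 'anything'));         // quote in name, unknown user
var_dump(check_login($db, 'broken', 'anything'));         // stored value not hash:salt
```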
::See you next post::