I need to access the joomla user table <code>jos_users</code> for login checking from external php script [codeignitor]. joomla storing password like this <pre class="prettyprint"><code>4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT </code></pre> Looks like this is not the normal MD5 ,so i cannot use <code>md5(password)</code> . what is the possible way to create the password ? Thank you.

Joomla passwords are MD5 hashed, but the passwords are salted before being hashed. They are stored in the database as <code>{hash}:{salt}</code> this salt is a random string 32 characters in length. So to create a new password hash you would do <code>md5($password.$salt)</code> EDIT Okay so for checking a password, say a user <code>myguy</code> enters the password <code>mypassword</code>, you would retrieve the row from the database that has username <code>myguy</code>. In this row you'll find a password say <code>4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT</code>. You split up the password hash and the salt: <pre class="prettyprint"><code>$hashparts = preg_split (':' , $dbpassword); echo $hashparts[0]; //this is the hash 4e9e4bcc5752d6f939aedb42408fd3aa echo $hashparts[1]; //this is the salt 0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT </code></pre> now calculate the hash using this salt and the password <code>myguy</code> entered <pre class="prettyprint"><code>$userhash = md5($userpassword.$hashparts[1]); // This would be 'mypassword' and the salt used in the original hash </code></pre> Now if this <code>$userhash</code> and <code>$hashparts[0]</code> are identical the user has entered the correct password.

joomla password encryption

Tags:

php

md5

codeigniter

joomla

I need to access the joomla user table jos_users for login checking from external php script [codeignitor].

joomla storing password like this

4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT

Looks like this is not the normal MD5 ,so i cannot use md5(password) .

what is the possible way to create the password ?

Thank you.

417

asked May 03 '12 08:05

Red

2 Answers

Joomla passwords are MD5 hashed, but the passwords are salted before being hashed. They are stored in the database as {hash}:{salt} this salt is a random string 32 characters in length.

So to create a new password hash you would do md5($password.$salt)

EDIT

Okay so for checking a password, say a user myguy enters the password mypassword, you would retrieve the row from the database that has username myguy.

In this row you'll find a password say 4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT. You split up the password hash and the salt:

$hashparts = preg_split (':' , $dbpassword); echo $hashparts[0]; //this is the hash  4e9e4bcc5752d6f939aedb42408fd3aa echo $hashparts[1]; //this is the salt  0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT

now calculate the hash using this salt and the password myguy entered

$userhash = md5($userpassword.$hashparts[1]); // This would be 'mypassword' and the salt used in the original hash

Now if this $userhash and $hashparts[0] are identical the user has entered the correct password.

136

answered Sep 22 '22 14:09

klennepette

From joomla Forum, that's what happen behind:

A. Generate a password B. Generate a string with 32 random characters C. Concatenate Password (Step A) and RandomString (Step B) D. Take md5(Result of Step C) E. store Step D Result : Step B Result

Example:

Generate a password - Let 'testing' Generate a string of 32 random characters - 'aNs1L5PajsIscupUskaNdPenustelsPe' Concatenate Password and random string - testingaNs1L5PajsIscupUskaNdPenustelsPe md5(Step C Result) - 5cf56p85sf15lpyf30c3fd19819p58ly store step d:step B - 5cf56p85sf15lpyf30c3fd19819p58ly:aNs1L5PajsIscupUskaNdPenustelsPe

You can find code in Joomla like

$salt = JUserHelper::genRandomPassword(32); $crypt = JUserHelper::getCryptedPassword("testing", $salt); $password = $crypt . ':' . $salt;

Or We can Say

password DB field = md5(password + salt) + ":" + salt

Where salt is random 32 char string.

thanks

answered Sep 21 '22 14:09

Er. Anurag Jain

Related questions
                            
                                PHP and unit testing assertions with decimals
                            
                                PHP get both array value and array key
                            
                                Detect mobile browser [duplicate]
                            
                                Dependency issue trying to install php-mbstring on ec2
                            
                                mysqli or die, does it have to die?
                            
                                PHP conditionals, brackets needed?
                            
                                PHP: Get the key from an array in a foreach loop [duplicate]
                            
                                Why does PHP compact() use strings instead of actual variables?
                            
                                Tracking email with PHP and image
                            
                                Mysql where id is in array [duplicate]
                            
                                Read last line from file
                            
                                How to enable the memcached PHP extension after installing with homebrew?
                            
                                What is the difference between URL Router and Dispatcher?
                            
                                PHP file upload error tmp_name is empty
                            
                                PHP - SimpleXML - AddChild with another SimpleXMLElement
                            
                                How to display Woocommerce Category image?
                            
                                Installing the PHP 7 MongoDB Client/Driver?
                            
                                Laravel get name of file
                            
                                Composer detected issues in your platform: Your Composer dependencies require a PHP version ">= 7.3.0"
                            
                                How to display "12 minutes ago" etc in a PHP webpage? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With