
joomla password encryption

I need to access the Joomla user table jos_users for login checking from an external PHP script [CodeIgniter].

Joomla is storing the password like this:

4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT 

Looks like this is not the normal MD5, so I cannot use md5(password).

What is the possible way to create the password?

Thank you.

Red asked May 03 '12 08:05




2 Answers

Joomla passwords are MD5 hashed, but the passwords are salted before being hashed. They are stored in the database as {hash}:{salt}; this salt is a random string 32 characters in length.

So to create a new password hash you would do md5($password.$salt)

EDIT

Okay so for checking a password, say a user myguy enters the password mypassword, you would retrieve the row from the database that has username myguy.

In this row you'll find a password say 4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT. You split up the password hash and the salt:

    // explode() splits on the literal ':'; preg_split(':', ...) is not a valid regex pattern
    $hashparts = explode(':', $dbpassword, 2);
    echo $hashparts[0]; // this is the hash 4e9e4bcc5752d6f939aedb42408fd3aa
    echo $hashparts[1]; // this is the salt 0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT

Now calculate the hash using this salt and the password myguy entered:

$userhash = md5($userpassword.$hashparts[1]); // This would be 'mypassword' and the salt used in the original hash 

Now if this $userhash and $hashparts[0] are identical the user has entered the correct password.

klennepette answered Sep 22 '22 14:09
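The check walked through in the answer above, written as one function. This is an added example, not code from the answer or from Joomla; the function name `verifyLegacyJoomlaPassword` and the sample row are hypothetical. It splits on the first colon only, rejects stored values that are not in the {hash}:{salt} layout, and compares with `hash_equals()` rather than `==`.

```php
<?php
// Added example: verifies a password against the legacy "{hash}:{salt}"
// value described on this page. Names and sample data are hypothetical.

function verifyLegacyJoomlaPassword(string $password, string $stored): bool
{
    // Split on the first ':' only; a well-formed value has exactly two parts.
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false;
    }
    [$hash, $salt] = $parts;

    // An MD5 digest is 32 hex characters. Reject anything else instead of
    // comparing against a malformed or truncated column value.
    if (!preg_match('/^[0-9a-f]{32}$/i', $hash) || $salt === '') {
        return false;
    }

    // Same construction as on the page: md5(password . salt).
    $candidate = md5($password . $salt);

    // hash_equals() runs in constant time and is a strict string comparison,
    // so it avoids PHP's loose-comparison behaviour with values like "0e1234".
    return hash_equals(strtolower($hash), $candidate);
}

// Constructed sample row, built the way the page describes:
// md5(password . salt) . ':' . salt, with a random 32-character salt.
$salt   = bin2hex(random_bytes(16));
$stored = md5('mypassword' . $salt) . ':' . $salt;

var_dump(verifyLegacyJoomlaPassword('mypassword', $stored));
var_dump(verifyLegacyJoomlaPassword('wrongpassword', $stored));
var_dump(verifyLegacyJoomlaPassword('mypassword', 'value-without-a-salt'));
```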


From the Joomla forum, that's what happens behind the scenes:

A. Generate a password
B. Generate a string with 32 random characters
C. Concatenate Password (Step A) and RandomString (Step B)
D. Take md5(Result of Step C)
E. store Step D Result : Step B Result

Example:

Generate a password - Let 'testing'
Generate a string of 32 random characters - 'aNs1L5PajsIscupUskaNdPenustelsPe'
Concatenate Password and random string - testingaNs1L5PajsIscupUskaNdPenustelsPe
md5(Step C Result) - 5cf56p85sf15lpyf30c3fd19819p58ly
store step d:step B - 5cf56p85sf15lpyf30c3fd19819p58ly:aNs1L5PajsIscupUskaNdPenustelsPe

You can find code in Joomla like

    $salt = JUserHelper::genRandomPassword(32);
    $crypt = JUserHelper::getCryptedPassword("testing", $salt);
    $password = $crypt . ':' . $salt;

Or we can say:

password DB field = md5(password + salt) + ":" + salt  

Where salt is a random 32-character string.

thanks

Er. Anurag Jain answered Sep 21 '22 14:09