For the life of me, I am unable to find out how to use the data in xf_user_authenticate to authenticate in any way. I read various aritcles that the formart is sha256(sha256( password ) . salt) and to no aval am I able to come up with any working password. Is there any working documented way of generating a valid XenForo style password?
Been searching, some quick help on password.
- Thread starter brlong
- Start date
I'm writing a script to use via my homepage where users can login with there forum credentials and also register without being at the forum directly. There is a 3rd party add on I am currently using, XenApi(?), but I would like complete control over the process. Going through the the source I found Core12.php which led me to a class in the main XenForo library folder which had a few functions(encode64, etc) but for the life of me I can't get my password for my current database to generate to my new password.
This is what I have ended up with:
Code:
<?php
function encode65($input, $count)
{
$output = '';
$i = 0;
do {
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count)
$value |= ord($input[$i]) << 8;
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
break;
if ($i < $count)
$value |= ord($input[$i]) << 16;
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
break;
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
function crypt_private($password, $setting)
{
$output = '*0';
if (substr($setting, 0, 2) == $output)
$output = '*1';
$id = substr($setting, 0, 3);
# We use "$P$", phpBB3 uses "$H$" for the same thing
if ($id != '$P$' && $id != '$H$')
return $output;
$count_log2 = strpos($this->itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30)
return $output;
$count = 1 << $count_log2;
$salt = substr($setting, 4, 8);
if (strlen($salt) != 8)
return $output;
# We're kind of forced to use MD5 here since it's the only
# cryptographic primitive available in all versions of PHP
# currently in use. To implement our own low-level crypto
# in PHP would result in much worse performance and
# consequently in lower iteration counts and hashes that are
# quicker to crack (by non-PHP code).
if (PHP_VERSION >= '5') {
$hash = md5($salt . $password, TRUE);
do {
$hash = md5($hash . $password, TRUE);
} while (--$count);
} else {
$hash = pack('H*', md5($salt . $password));
do {
$hash = pack('H*', md5($hash . $password));
} while (--$count);
}
$output = substr($setting, 0, 12);
$output .= encode65($hash, 16);
return $output;
}
?>
Jeremy
in memoriam 1991-2020
If you are already using PHP, you should utilize XenForo's directly.
XenForo_PasswordHash::hashPassword() and XenForo_PasswordHash::CheckPassword() should be what you need, but, if you are allowing non-XF registration to handle XF registration, you should utilize proper datawriters to insert data.
XenForo_PasswordHash::hashPassword() and XenForo_PasswordHash::CheckPassword() should be what you need, but, if you are allowing non-XF registration to handle XF registration, you should utilize proper datawriters to insert data.
Cyb3r
Well-known member
Cyb3r
Well-known member
XenAPI is quite simple to use, but in regard of your matter I think bdAPI can achieve what you want.
