• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Been searching, some quick help on password.

#1
For the life of me, I am unable to find out how to use the data in xf_user_authenticate to authenticate in any way. I read various aritcles that the formart is sha256(sha256( password ) . salt) and to no aval am I able to come up with any working password. Is there any working documented way of generating a valid XenForo style password?
 

Jeremy

Well-known member
#2
XenForo 1.2+ utilizes bcrypt to generate passwords. In what context are you attempting to generate a working password?
 
#3
I'm writing a script to use via my homepage where users can login with there forum credentials and also register without being at the forum directly. There is a 3rd party add on I am currently using, XenApi(?), but I would like complete control over the process. Going through the the source I found Core12.php which led me to a class in the main XenForo library folder which had a few functions(encode64, etc) but for the life of me I can't get my password for my current database to generate to my new password.
 
#4
This is what I have ended up with:

Code:
<?php
        function encode65($input, $count)
        {
                $output = '';
                $i = 0;
                do {
                        $value = ord($input[$i++]);
                        $output .= $this->itoa64[$value & 0x3f];
                        if ($i < $count)
                                $value |= ord($input[$i]) << 8;
                        $output .= $this->itoa64[($value >> 6) & 0x3f];
                        if ($i++ >= $count)
                                break;
                        if ($i < $count)
                                $value |= ord($input[$i]) << 16;
                        $output .= $this->itoa64[($value >> 12) & 0x3f];
                        if ($i++ >= $count)
                                break;
                        $output .= $this->itoa64[($value >> 18) & 0x3f];
                } while ($i < $count);

                return $output;
        }

        function crypt_private($password, $setting)
        {
                $output = '*0';
                if (substr($setting, 0, 2) == $output)
                        $output = '*1';

                $id = substr($setting, 0, 3);
                # We use "$P$", phpBB3 uses "$H$" for the same thing
                if ($id != '$P$' && $id != '$H$')
                        return $output;

                $count_log2 = strpos($this->itoa64, $setting[3]);
                if ($count_log2 < 7 || $count_log2 > 30)
                        return $output;

                $count = 1 << $count_log2;

                $salt = substr($setting, 4, 8);
                if (strlen($salt) != 8)
                        return $output;

                # We're kind of forced to use MD5 here since it's the only
                # cryptographic primitive available in all versions of PHP
                # currently in use.  To implement our own low-level crypto
                # in PHP would result in much worse performance and
                # consequently in lower iteration counts and hashes that are
                # quicker to crack (by non-PHP code).
                if (PHP_VERSION >= '5') {
                        $hash = md5($salt . $password, TRUE);
                        do {
                                $hash = md5($hash . $password, TRUE);
                        } while (--$count);
                } else {
                        $hash = pack('H*', md5($salt . $password));
                        do {
                                $hash = pack('H*', md5($hash . $password));
                        } while (--$count);
                }

                $output = substr($setting, 0, 12);
                $output .= encode65($hash, 16);

                return $output;
        }

?>
 

Jeremy

Well-known member
#5
If you are already using PHP, you should utilize XenForo's directly.

XenForo_PasswordHash::hashPassword() and XenForo_PasswordHash::CheckPassword() should be what you need, but, if you are allowing non-XF registration to handle XF registration, you should utilize proper datawriters to insert data.
 
#6
Is there an internal function I can use to do a registration? And how would I go about using that? Just call the main XenForo class and script it from there?

Thanks in advance!