1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Been searching, some quick help on password.

Discussion in 'XenForo Development Discussions' started by brlong, Sep 10, 2015.

  1. brlong

    brlong New Member

    For the life of me, I am unable to find out how to use the data in xf_user_authenticate to authenticate in any way. I read various aritcles that the formart is sha256(sha256( password ) . salt) and to no aval am I able to come up with any working password. Is there any working documented way of generating a valid XenForo style password?
     
  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    XenForo 1.2+ utilizes bcrypt to generate passwords. In what context are you attempting to generate a working password?
     
  3. brlong

    brlong New Member

    I'm writing a script to use via my homepage where users can login with there forum credentials and also register without being at the forum directly. There is a 3rd party add on I am currently using, XenApi(?), but I would like complete control over the process. Going through the the source I found Core12.php which led me to a class in the main XenForo library folder which had a few functions(encode64, etc) but for the life of me I can't get my password for my current database to generate to my new password.
     
  4. brlong

    brlong New Member

    This is what I have ended up with:

    Code:
    <?php
            function encode65($input, $count)
            {
                    $output = '';
                    $i = 0;
                    do {
                            $value = ord($input[$i++]);
                            $output .= $this->itoa64[$value & 0x3f];
                            if ($i < $count)
                                    $value |= ord($input[$i]) << 8;
                            $output .= $this->itoa64[($value >> 6) & 0x3f];
                            if ($i++ >= $count)
                                    break;
                            if ($i < $count)
                                    $value |= ord($input[$i]) << 16;
                            $output .= $this->itoa64[($value >> 12) & 0x3f];
                            if ($i++ >= $count)
                                    break;
                            $output .= $this->itoa64[($value >> 18) & 0x3f];
                    } while ($i < $count);
    
                    return $output;
            }
    
            function crypt_private($password, $setting)
            {
                    $output = '*0';
                    if (substr($setting, 0, 2) == $output)
                            $output = '*1';
    
                    $id = substr($setting, 0, 3);
                    # We use "$P$", phpBB3 uses "$H$" for the same thing
                    if ($id != '$P$' && $id != '$H$')
                            return $output;
    
                    $count_log2 = strpos($this->itoa64, $setting[3]);
                    if ($count_log2 < 7 || $count_log2 > 30)
                            return $output;
    
                    $count = 1 << $count_log2;
    
                    $salt = substr($setting, 4, 8);
                    if (strlen($salt) != 8)
                            return $output;
    
                    # We're kind of forced to use MD5 here since it's the only
                    # cryptographic primitive available in all versions of PHP
                    # currently in use.  To implement our own low-level crypto
                    # in PHP would result in much worse performance and
                    # consequently in lower iteration counts and hashes that are
                    # quicker to crack (by non-PHP code).
                    if (PHP_VERSION >= '5') {
                            $hash = md5($salt . $password, TRUE);
                            do {
                                    $hash = md5($hash . $password, TRUE);
                            } while (--$count);
                    } else {
                            $hash = pack('H*', md5($salt . $password));
                            do {
                                    $hash = pack('H*', md5($hash . $password));
                            } while (--$count);
                    }
    
                    $output = substr($setting, 0, 12);
                    $output .= encode65($hash, 16);
    
                    return $output;
            }
    
    ?>
     
  5. Jeremy

    Jeremy XenForo Moderator Staff Member

    If you are already using PHP, you should utilize XenForo's directly.

    XenForo_PasswordHash::hashPassword() and XenForo_PasswordHash::CheckPassword() should be what you need, but, if you are allowing non-XF registration to handle XF registration, you should utilize proper datawriters to insert data.
     
  6. brlong

    brlong New Member

    Is there an internal function I can use to do a registration? And how would I go about using that? Just call the main XenForo class and script it from there?

    Thanks in advance!
     
  7. Cyb3r

    Cyb3r Well-Known Member

    Why not to use an existing API like XenAPI or bdAPI?

    It will save you a lot of hassle.
     
  8. brlong

    brlong New Member

    I'm currently using XenAPI and don't like how it's setup. I will check out bdAPI.
     
  9. Cyb3r

    Cyb3r Well-Known Member

    XenAPI is quite simple to use, but in regard of your matter I think bdAPI can achieve what you want.
     

Share This Page