• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Password Formula

I was going to make a 3rd-party login system for a site I'm helping with and was wondering what the password formula is to check if the password is correct.

Many thanks,
Joshua F


Well-known member
Unless I'm mistaken, the hashing algorithm for XenForo is either sha1 or sha256 (depending on whether it's installed), with a salt appended to it, then re-hashed using either sha1 or sha256 (again).

Examples, SHA1:
$password = sha1(sha1($password).$salt)
SHA256 (not actual PHP code, just for illustrative purposes):
$password = sha256(sha356($password).$salt)
You can authenticate a password using XenForo_Authentication_Abstract::authenticate()