1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password Formula

Discussion in 'XenForo Development Discussions' started by Joshua F, Aug 2, 2011.

  1. Joshua F

    Joshua F Member

    I was going to make a 3rd-party login system for a site I'm helping with and was wondering what the password formula is to check if the password is correct.

    Many thanks,
    Joshua F
  2. James

    James Well-Known Member

    Unless I'm mistaken, the hashing algorithm for XenForo is either sha1 or sha256 (depending on whether it's installed), with a salt appended to it, then re-hashed using either sha1 or sha256 (again).

    Examples, SHA1:
    $password sha1(sha1($password).$salt)
    SHA256 (not actual PHP code, just for illustrative purposes):
    $password sha256(sha356($password).$salt)
    You can authenticate a password using XenForo_Authentication_Abstract::authenticate()
  3. Joshua F

    Joshua F Member

    Thank you, do you happen to know where the salt is stored?

Share This Page