1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Question regarding P2H extension for xenForo

Discussion in 'General PHP and MySQL Discussions' started by Mr. Goodie2Shoes, Nov 7, 2011.

  1. Mr. Goodie2Shoes

    Mr. Goodie2Shoes Well-Known Member

    okay... for some reason the THT people haven't yet developed a P2H module for xenForo... so I am trying to create one... all the things are done but can't find how the password is stored... I know how the password is encrypted and where it is stored.

    The encryption hash is SHA1... can anyone guide me where the "SALT" is stored or anything like that?
     
  2. Fuhrmann

    Fuhrmann Well-Known Member

    Xenforo salts passwords server side.

    PHP:
    /**
        * Generates an arbtirary length salt
        *
        * @return string
        */
        
    public static function generateSalt($length null)
        {
            if (!
    $length)
            {
                
    $length self::DEFAULT_SALT_LENGTH;
            }
     
            return 
    XenForo_Application::generateRandomString($length);
        }
    PHP:
    /**
        * Generates a psuedo-random string of the specified length.
        *
        * @param integer $length
        *
        * @return string
        */
        
    public static function generateRandomString($length)
        {
            while (
    strlen(self::$_randomData) < $length)
            {
                
    // openssl_random_pseudo_bytes is *ridiculously* slow on windows
                
    if (function_exists('openssl_random_pseudo_bytes') && substr(PHP_OS03) != 'WIN')
                {
                    
    self::$_randomData .= bin2hex(openssl_random_pseudo_bytes(max($length1024) / 2));
                }
                else
                {
                    
    self::$_randomData .= md5(uniqid(mt_rand(), true));
                }
            }
     
            
    $return substr(self::$_randomData0$length);
            
    self::$_randomData substr(self::$_randomData$length);
     
            return 
    $return;
        }

    File: library/XenForo/Application.php
     
  3. Mr. Goodie2Shoes

    Mr. Goodie2Shoes Well-Known Member

    umm yeah... I've seen the same coding in
    library/XenForo/Authentication/Core.php

    I know xenForo generates a random string... but doesn't it need to stored somewhere in the database? like there's a 'SALT' field in the members table in vBulletin...
     
  4. Andrej

    Andrej Well-Known Member

  5. Mr. Goodie2Shoes

    Mr. Goodie2Shoes Well-Known Member

  6. Mr. Goodie2Shoes

    Mr. Goodie2Shoes Well-Known Member

  7. Kier

    Kier XenForo Developer Staff Member

    Everything is stored in the xf_user_authenticate table as serialized data in the 'data' BLOB field.
     
  8. Mr. Goodie2Shoes

    Mr. Goodie2Shoes Well-Known Member

    yes, I see scheme_class, data and remember_key

    what is the [BLOB xxxB] thingy? and I am thinking that the remember_key is where the SHA1 hash is stored?
     
  9. Kier

    Kier XenForo Developer Staff Member

    That's as close to a password as you get with XenForo.
     
    Fuhrmann likes this.
  10. Mr. Goodie2Shoes

    Mr. Goodie2Shoes Well-Known Member

    didn't get you :D :sleep:
     

Share This Page