Question regarding P2H extension for xenForo

[Mr. Goodie2Shoes]

okay... for some reason the THT people haven't yet developed a P2H module for xenForo... so I am trying to create one... all the things are done but can't find how the password is stored... I know how the password is encrypted and where it is stored.

The encryption hash is SHA1... can anyone guide me where the "SALT" is stored or anything like that?

 

[Fuhrmann]

Xenforo salts passwords server side.

/**
    * Generates an arbtirary length salt
    *
    * @return string
    */
    public static function generateSalt($length = null)
    {
        if (!$length)
        {
            $length = self::DEFAULT_SALT_LENGTH;
        }
 
        return XenForo_Application::generateRandomString($length);
    }

/**
    * Generates a psuedo-random string of the specified length.
    *
    * @param integer $length
    *
    * @return string
    */
    public static function generateRandomString($length)
    {
        while (strlen(self::$_randomData) < $length)
        {
            // openssl_random_pseudo_bytes is *ridiculously* slow on windows
            if (function_exists('openssl_random_pseudo_bytes') && substr(PHP_OS, 0, 3) != 'WIN')
            {
                self::$_randomData .= bin2hex(openssl_random_pseudo_bytes(max($length, 1024) / 2));
            }
            else
            {
                self::$_randomData .= md5(uniqid(mt_rand(), true));
            }
        }
 
        $return = substr(self::$_randomData, 0, $length);
        self::$_randomData = substr(self::$_randomData, $length);
 
        return $return;
    }

File: library/XenForo/Application.php

 

[Mr. Goodie2Shoes]

umm yeah... I've seen the same coding in
library/XenForo/Authentication/Core.php

I know xenForo generates a random string... but doesn't it need to stored somewhere in the database? like there's a 'SALT' field in the members table in vBulletin...

 

[Andrej]

There is a XenForo p2h plugin for TheHostingTool already.. http://thehostingtool.com/forum/thread-1573.html so you are late... I am using it and it working perfect.

 

[Mr. Goodie2Shoes]

There is a XenForo p2h plugin for TheHostingTool already.. http://thehostingtool.com/forum/thread-1573.html so you are late... I am using it and it working perfect.

ooo thanks man

 

[Mr. Goodie2Shoes]

There is a XenForo p2h plugin for TheHostingTool already.. http://thehostingtool.com/forum/thread-1573.html so you are late... I am using it and it working perfect.

okay just checked it out... theres no "password"

 

[Kier]

Everything is stored in the xf_user_authenticate table as serialized data in the 'data' BLOB field.

 

[Mr. Goodie2Shoes]

yes, I see scheme_class, data and remember_key

what is the [BLOB xxxB] thingy? and I am thinking that the remember_key is where the SHA1 hash is stored?

 

[Kier]

what is the [BLOB xxxB] thingy?

That's as close to a password as you get with XenForo.

 

[Mr. Goodie2Shoes]

That's as close to a password as you get with XenForo.

didn't get you