1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Some problem in password encryption/description

Discussion in 'XenForo Development Discussions' started by lokeshB, Feb 4, 2016.

  1. lokeshB

    lokeshB New Member

    Hi All,
    Could you please send me simple script for encryption/description for password same as XF. so I can save this password for my other table same as your xf_user_authenticate table.
    Thanks
     
  2. lokeshB

    lokeshB New Member

    Could anyone reply my query. I am on the way of code.
     
  3. Chris D

    Chris D XenForo Developer Staff Member

    Best advice I can give is to look at the process that involves changing a password, e.g. that is initiated by the user going to the "account/security" page, so the code that powers that form is inside library/XenForo/ControllerPublic/Account.php and look for "actionSecurity".

    From there you can see how we go about ultimately saving the authentication data.

    It relies on an "authentication scheme". The only thing that might not be totally obvious without looking deeper into the code is the default authentication scheme is library/XenForo/Authentication/Core12.php.
     
  4. lokeshB

    lokeshB New Member

    Thanks Chris,

    Actually I am using this password outside of your classes and functions. That's why I want to know the script of password.

    Thanks
     
  5. Chris D

    Chris D XenForo Developer Staff Member

    You could instantiate the XF framework to access that code externally, or you could simply see how the code works and take hints from that as to how it works to help you build a script yourself.
     
  6. lokeshB

    lokeshB New Member

    Could you please let me know how can I do this.
     
  7. Chris D

    Chris D XenForo Developer Staff Member

  8. Jake B.

    Jake B. Well-Known Member

    It's also probably worth noting that you can't decrypt the passwords (assuming you meant decryption, not description) because they're not encrypted
     
  9. lokeshB

    lokeshB New Member

    Hi,

    I am using this code for password encrypt:


    $startTime = microtime(true);
    $fileDir = dirname(__FILE__);

    require($fileDir . '/library/XenForo/Autoloader.php');
    XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');

    XenForo_Application::initialize($fileDir . '/library', $fileDir);
    XenForo_Application::set('page_start_time', $startTime);

    $dependencies = new XenForo_Dependencies_Public();
    $dependencies->preLoadData();


    $passwordVariable = new XenForo_Authentication_Core12();
    $passwordVariable->generate($_REQUEST['password']);
    $unserialize = unserialize($passwordVariable->generate($_REQUEST['password']));

    echo $unserialize['hash'];


    And insert data into "xf_user_authenticate" and "xf_user" but when i am logging in. System is showing me an error

    "Incorrect password. Please try again. "

    Could you please help me here..

    Thanks
     
    Last edited: Feb 8, 2016
  10. Chris D

    Chris D XenForo Developer Staff Member

    What's the unserialize line for?

    What is the exact data you are inserting?
     
  11. lokeshB

    lokeshB New Member


    this code is providing me password I think so. but unable to login.
     
  12. Chris D

    Chris D XenForo Developer Staff Member

    What is the exact data you are inserting?
     
  13. lokeshB

    lokeshB New Member

    This is my whole code..

    $passwordVariable = new XenForo_Authentication_Core12();
    $passwordVariable->generate($_REQUEST['password']);
    $unserialize = unserialize($passwordVariable->generate($_REQUEST['password']));
    //print_r($unserialize);
    echo $unserialize['hash'];

    ---------------------------------------------------------------------------------------------------------------------------------------------------------

    $sqlInsert = "INSERT INTO xf_user(
    username, email, activity_visible, visible, user_group_id, display_style_group_id, permission_combination_id, register_date, user_state, language_id)
    VALUES('".$_GET['username']."', '".$_GET['email']."', '1', '1', '2', '2', '2', '".time()."', 'email_confirm', '1')";
    mysql_query($sqlInsert);
    $inserttedID = mysql_insert_id();

    echo $sqlInsertPassword = "INSERT INTO xf_user_authenticate (user_id, scheme_class, data, remember_key) VALUES('".$inserttedID."', 'XenForo_Authentication_Core12', '[BLOB - 85B]','".$unserialize['hash']."')";
    mysql_query($sqlInsertPassword);
     
  14. lokeshB

    lokeshB New Member

    Chris D,

    Could you please let me know where I am wrong. So I will update me code.

    Thanks
     
  15. Chris D

    Chris D XenForo Developer Staff Member

    I was already in the process of replying but honestly I may not have time to go into too much detail so I may not be able to reply very quickly, generally.

    You do not need to unserialize the password data. The serialized data string is inserted as is into the data field in the xf_user_authenticate table.

    It will look pretty much like this:
    Code:
    a:1:{s:4:"hash";s:60:"$2a$10$1NDtWJaZqCFSQeCA3Ggfp.9xNINfqg7svWz6QVr1zE..x4V.iLKKy";}
    Also in your insert into the xf_user_authenticate table, you are literally inserting '[BLOB - 85B]' as the data. Instead of that you should be inserting the value returned by the generate function as mentioned above. You can leave the remember_key blank for now (currently you're inserting the password hash there).
     
  16. lokeshB

    lokeshB New Member

    If I will leave this blank then how can I login into my xenforo??
     
  17. lokeshB

    lokeshB New Member

    I have checked, if I will leave blank then remember_key field is blank. I am unable to login with only email.
    Thanks
     
  18. Chris D

    Chris D XenForo Developer Staff Member

    The remember_key is not necessary for the log in process in any way.

    It's useful to have for logging in via cookie, but it's not necessary to perform an actual log in with a password.
     
  19. lokeshB

    lokeshB New Member

    Hi Chris D,

    I have worked on it. And inserted data into xf_user, xf_user_authenticate table and you told me to leave blank 'remember_key' in the process of registration from my code not Xenforo. All is working fine but when I am going to login on Xenforo then I put the email ID onto login page and what about the password if I leave it blank then it will redirect me to registration page.
    Thanks
     
  20. Chris D

    Chris D XenForo Developer Staff Member

    That would be the correct behaviour if you don't fill in a password on the login form.
     

Share This Page