Some problem in password encryption/description


New member
Hi All,
Could you please send me simple script for encryption/description for password same as XF. so I can save this password for my other table same as your xf_user_authenticate table.
Best advice I can give is to look at the process that involves changing a password, e.g. that is initiated by the user going to the "account/security" page, so the code that powers that form is inside library/XenForo/ControllerPublic/Account.php and look for "actionSecurity".

From there you can see how we go about ultimately saving the authentication data.

It relies on an "authentication scheme". The only thing that might not be totally obvious without looking deeper into the code is the default authentication scheme is library/XenForo/Authentication/Core12.php.
Thanks Chris,

Actually I am using this password outside of your classes and functions. That's why I want to know the script of password.

You could instantiate the XF framework to access that code externally, or you could simply see how the code works and take hints from that as to how it works to help you build a script yourself.
It's also probably worth noting that you can't decrypt the passwords (assuming you meant decryption, not description) because they're not encrypted

I am using this code for password encrypt:

$startTime = microtime(true);
$fileDir = dirname(__FILE__);

require($fileDir . '/library/XenForo/Autoloader.php');
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');

XenForo_Application::initialize($fileDir . '/library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);

$dependencies = new XenForo_Dependencies_Public();

$passwordVariable = new XenForo_Authentication_Core12();
$unserialize = unserialize($passwordVariable->generate($_REQUEST['password']));

echo $unserialize['hash'];

And insert data into "xf_user_authenticate" and "xf_user" but when i am logging in. System is showing me an error

"Incorrect password. Please try again. "

Could you please help me here..

Last edited:
$passwordVariable = new XenForo_Authentication_Core12();
$unserialize = unserialize($passwordVariable->generate($_REQUEST['password']));

echo $unserialize['hash'];

this code is providing me password I think so. but unable to login.
This is my whole code..

$passwordVariable = new XenForo_Authentication_Core12();
$unserialize = unserialize($passwordVariable->generate($_REQUEST['password']));
echo $unserialize['hash'];


$sqlInsert = "INSERT INTO xf_user(
username, email, activity_visible, visible, user_group_id, display_style_group_id, permission_combination_id, register_date, user_state, language_id)
VALUES('".$_GET['username']."', '".$_GET['email']."', '1', '1', '2', '2', '2', '".time()."', 'email_confirm', '1')";
$inserttedID = mysql_insert_id();

echo $sqlInsertPassword = "INSERT INTO xf_user_authenticate (user_id, scheme_class, data, remember_key) VALUES('".$inserttedID."', 'XenForo_Authentication_Core12', '[BLOB - 85B]','".$unserialize['hash']."')";
I was already in the process of replying but honestly I may not have time to go into too much detail so I may not be able to reply very quickly, generally.

You do not need to unserialize the password data. The serialized data string is inserted as is into the data field in the xf_user_authenticate table.

It will look pretty much like this:

Also in your insert into the xf_user_authenticate table, you are literally inserting '[BLOB - 85B]' as the data. Instead of that you should be inserting the value returned by the generate function as mentioned above. You can leave the remember_key blank for now (currently you're inserting the password hash there).
I have checked, if I will leave blank then remember_key field is blank. I am unable to login with only email.
The remember_key is not necessary for the log in process in any way.

It's useful to have for logging in via cookie, but it's not necessary to perform an actual log in with a password.
Hi Chris D,

I have worked on it. And inserted data into xf_user, xf_user_authenticate table and you told me to leave blank 'remember_key' in the process of registration from my code not Xenforo. All is working fine but when I am going to login on Xenforo then I put the email ID onto login page and what about the password if I leave it blank then it will redirect me to registration page.
That would be the correct behaviour if you don't fill in a password on the login form.
Top Bottom