XF 1.1 Verify User Account Details

L

LGM Discord

Member
I have an external script which I need to query the forum database and verify the username/password entered is valid.

In vB it was straight-forward (double MD5 on password, both in same table). I'm new to XF though; could anyone point me in the right direction for password locations and encryption?
 
Sort by date Sort by votes
The passwords are stored in the xf_user_authenticate table in the database. See this file for the auth code:

library/XenForo/Authentication/Core.php

XenForo uses a salted double hash using either SHA1 OR SHA256:

sha1(sha1(password) . salt)

or:

sha256(sha256(password) . salt)

You will need to fetch the auth record and then verify the password using PHP code. This is because the data is serialized so it can't be queried directly. And MySQL doesn't have a SHA256 function, only SHA1.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

puterfixer
  • Question Question
XF 2.2 How to automatically lock and unlock a specific thread using CRON?
Replies
1
Views
479
Paul B
Paul B
RG70Hz
  • Question Question
XF 1.2 SMTP Mail Server Not Working Properly
2
Replies
25
Views
3K
RG70Hz
RG70Hz
Fullmental
XF 2.2 Using REST API to post a media item, no documentation. Help please?
Replies
4
Views
1K
Schaken
Schaken
C
  • Question Question
vBulletin import and possible move to shared hosting, comments please
2
Replies
26
Views
2K
carsafety
C
Tyrone Shum
Creating a new user registration account via Webhook
Replies
4
Views
4K
Tyrone Shum
Tyrone Shum
Top Bottom