1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Verify User Account Details

Discussion in 'XenForo Questions and Support' started by LGM Discord, May 21, 2012.

  1. LGM Discord

    LGM Discord Member

    I have an external script which I need to query the forum database and verify the username/password entered is valid.

    In vB it was straight-forward (double MD5 on password, both in same table). I'm new to XF though; could anyone point me in the right direction for password locations and encryption?
  2. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    The passwords are stored in the xf_user_authenticate table in the database. See this file for the auth code:


    XenForo uses a salted double hash using either SHA1 OR SHA256:

    sha1(sha1(password) . salt)


    sha256(sha256(password) . salt)

    You will need to fetch the auth record and then verify the password using PHP code. This is because the data is serialized so it can't be queried directly. And MySQL doesn't have a SHA256 function, only SHA1.
  3. LGM Discord

    LGM Discord Member

    Works great, thank you.

Share This Page