Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Voltz Posted July 2, 2019 Posted July 2, 2019 Hello, I am working on an api for one of my projects and I need to compare the user's password to the hash of a given string. I am kind of unsure how the passwords are being hashed i've tried using crypt method and md5 and can't seem to get it. Anyone know what I need to do in order to hash the password for the user correctly? // Something I have tried, which seems to not work due to no data being in the members_pass_salt colum $pass_hash = crypt($pass, '$2a$13$' . $member->members_pass_salt);
newbie LAC Posted July 2, 2019 Posted July 2, 2019 Hello, See \system\Member\Member.php /** * Set local password * * BE CAREFUL: The standard login handler may be disabled, only call this method * if you have alreadu checked it is enabled. In most cases, it is better to let * the available login handlers handle password management * * @param object $password Password to encrypt, wrapped in an object that can be cast to a string so it doesn't show in any logs * @return void */ public function setLocalPassword( $password ) { $this->members_pass_hash = password_hash( $password, PASSWORD_DEFAULT ); $this->members_pass_salt = NULL; } \system\Login\Handler\Standard\Standard.php /** * Authenticate * * @param \IPS\Member $member The member * @param object $password The plaintext password provided by the user, wrapped in an object that can be cast to a string so it doesn't show in any logs * @return bool */ public function authenticatePasswordForMember( \IPS\Member $member, $password ) { if ( password_verify( $password, $member->members_pass_hash ) === TRUE ) { return TRUE; } elseif ( $member->members_pass_salt and mb_strlen( $member->members_pass_hash ) === 32 ) { return $member->verifyLegacyPassword( $password ); } return FALSE; }
Voltz Posted July 2, 2019 Author Posted July 2, 2019 8 hours ago, newbie LAC said: Hello, See \system\Member\Member.php /** * Set local password * * BE CAREFUL: The standard login handler may be disabled, only call this method * if you have alreadu checked it is enabled. In most cases, it is better to let * the available login handlers handle password management * * @param object $password Password to encrypt, wrapped in an object that can be cast to a string so it doesn't show in any logs * @return void */ public function setLocalPassword( $password ) { $this->members_pass_hash = password_hash( $password, PASSWORD_DEFAULT ); $this->members_pass_salt = NULL; } \system\Login\Handler\Standard\Standard.php /** * Authenticate * * @param \IPS\Member $member The member * @param object $password The plaintext password provided by the user, wrapped in an object that can be cast to a string so it doesn't show in any logs * @return bool */ public function authenticatePasswordForMember( \IPS\Member $member, $password ) { if ( password_verify( $password, $member->members_pass_hash ) === TRUE ) { return TRUE; } elseif ( $member->members_pass_salt and mb_strlen( $member->members_pass_hash ) === 32 ) { return $member->verifyLegacyPassword( $password ); } return FALSE; } Thank you so much! I appreciate it
Recommended Posts
Archived
This topic is now archived and is closed to further replies.