Jump to content

Password algorythm


Jibeji

Recommended Posts

Hi,

I am closing my IPB forum which is not used anymore.

However, I would like to keep the existing members database which is used for another section of my website, without asking them to change their password.  I'd consequently like to use the same password algorythm as in IPB on my own authentication system, just by keeping name, email, members_pass_hash, members_pass_salt from the database.

My question is : do you know how are the passwords managed in IPB ?

Any help would be appreciated.

 

Edit

As from the public function updatePassword(), it looks like the pass_hash is :

$new_pass = md5( md5( $member['members_pass_salt'] ) . $new_md5_pass );

But the hash stored in the Database seem to be the result of a password_hash() function.

Edited by Jibeji
Link to comment
Share on other sites

password_verify( $input, $storedPassHash )

https://www.php.net/manual/en/function.password-verify.php

There's a bit more too it, mostly related to verifying and converting legacy passwords.
See /system/Login/Handler/Standard/Standard.php, method authenticatePasswordForMember(), and /system/Member/Member.php, method verifyLegacyPassword().

Not sure where you got that updatePassword() method from. I don't have anything like that on my 4.5 install.

Link to comment
Share on other sites

Hi Martin,

Here is the code for method verifyLegacyPassword() in my installatation :

public function verifyLegacyPassword( $password )
{
   return \IPS\Login::compareHashes( $this->members_pass_hash, md5( md5( $this->members_pass_salt ) . md5( \IPS\Request::legacyEscape( $password ) ) ) );
}

It looks pretty much the same as updatePassword() that I found in /admin/sources/base/ipsMember.php

Edited by Jibeji
Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...