Red Red - 5 months ago 32
PHP Question

joomla password encryption

I need to access the joomla user table

jos_users
for login checking from external php script [codeignitor].

joomla storing password like this

4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT


Looks like this is not the normal MD5 ,so i cannot use
md5(password)
.

what is the possible way to create the password ?

Thank you.

Answer

Joomla passwords are MD5 hashed, but the passwords are salted before being hashed. They are stored in the database as {hash}:{salt} this salt is a random string 32 characters in length.

So to create a new password hash you would do md5($password.$salt)

EDIT

Okay so for checking a password, say a user myguy enters the password mypassword, you would retrieve the row from the database that has username myguy.

In this row you'll find a password say 4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT. You split up the password hash and the salt:

$hashparts = preg_split (':' , $dbpassword);
echo $hashparts[0]; //this is the hash  4e9e4bcc5752d6f939aedb42408fd3aa
echo $hashparts[1]; //this is the salt  0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT

now calculate the hash using this salt and the password myguy entered

$userhash = md5($userpassword.$hashparts[1]); // This would be 'mypassword' and the salt used in the original hash

Now if this $userhash and $hashparts[0] are identical the user has entered the correct password.