Joomla 3.2.1 Password Encryption

Joomla 3.2.1 password encryption

Try this,

The following piece of code creates a Joomla standard password (older versions 1.5, 1.7, etc.).

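jimport('joomla.user.helper');
// $password_choose is the plain-text password chosen by the user
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($password_choose, $salt);
// Stored value has the form {hash}:{salt}
$password = $crypt.':'.$salt;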

Joomla 3.2+ introduced PHP's bcrypt password algorithm, but it required a minimum of PHP 5.3+. If you plan to use bcrypt, make sure your server's PHP version is capable of this; read more here.

The other versions of Joomla use the following method (Joomla 3.x):

jimport('joomla.user.helper');
$yourpass = JUserHelper::hashPassword($password_choose);

The older algorithm also works fine in the latest version too; the only difference is that the older version creates a 65-character password and the new one creates a 34-character string. Always go with the updated version.

Also, if you are using an external script, you should include the Joomla framework like below. This should be at the very top of your external PHP file.

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__) );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );

require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

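// Plain assignment: taking a reference to a function's return value raises a strict-standards notice
$mainframe = JFactory::getApplication('site');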
$mainframe->initialise();

Also, you mentioned you have to check the user's credentials; then there is no need to check the password format and all those things, just use the code below after the framework loads.

$credentials = array();
$credentials['username'] = $data['username']; //user entered name
$credentials['password'] = $data['password']; //users entered password
$options = array();
$app = JFactory::getApplication();
// login() returns true on success; on failure it returns false or an error object
$result = $app->login($credentials, $options);
if ($result === true) {
    // login success
}
else {
    // Failed attempt
}

hope it helps..

Joomla Encrypt Passwords for Database

You can just use MySQL's MD5 function - Joomla understands passwords that are hashed using MD5. No need to create a script.

In phpMyAdmin, in the #__users table, just change the password to the one that you want and choose MD5 from the function dropdown.

joomla password encryption

Joomla passwords are MD5 hashed, but the passwords are salted before being hashed.
They are stored in the database as {hash}:{salt}; this salt is a random string 32 characters in length.

So to create a new password hash you would do md5($password.$salt)

EDIT

Okay so for checking a password, say a user myguy enters the password mypassword, you would retrieve the row from the database that has username myguy.

In this row you'll find a password say 4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT.
You split up the password hash and the salt:

// explode() splits on the literal ':' (preg_split() would need a delimited regex)
$hashparts = explode(':', $dbpassword, 2);
echo $hashparts[0]; //this is the hash 4e9e4bcc5752d6f939aedb42408fd3aa
echo $hashparts[1]; //this is the salt 0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT

Now calculate the hash using this salt and the password myguy entered:

$userhash = md5($userpassword.$hashparts[1]); // This would be 'mypassword' and the salt used in the original hash

Now if this $userhash and $hashparts[0] are identical the user has entered the correct password.

PHP code for registering Joomla 3.2.1 users, and logging them in

I managed to solve this problem, thanks to answers from all of you.

But I have 1 more question: How can I send an activation email to the user?

This is the registration code:

<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "/home/gddregop/public_html" );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );

require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

// Plain assignment: taking a reference to a function's return value raises a strict-standards notice
$mainframe = JFactory::getApplication('site');
$mainframe->initialise();
ini_set('default_charset', 'utf-8');
include('database_settings.php');

$username = $_POST["username"];
$password = $_POST["password"];
$email = $_POST["email"];

// Build the legacy {hash}:{salt} value
$salt = JUserHelper::genRandomPassword(32);
$crypt = md5($password.$salt);
$password = $crypt.':'.$salt;
$con = mysqli_connect("localhost", $username_baza_joomla, $password_baza_joomla, $database_baza_joomla);
mysqli_set_charset($con, "utf8");

// Exact match: with LIKE, % and _ in the submitted value act as wildcards
$SQL1 = "SELECT * FROM joomla_users WHERE username = ?";

if ($stmt = $con->prepare($SQL1)) {

    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->store_result();
    $vsota = $stmt->num_rows;
}

$vrnjeno = "";

if ($vsota == 0)
{
    $SQL2 = "SELECT * FROM joomla_users WHERE email = ?";
    if ($stmt2 = $con->prepare($SQL2)) {

        $stmt2->bind_param("s", $email);
        $stmt2->execute();
        $stmt2->store_result();
        $vsota2 = $stmt2->num_rows;
    }

    if ($vsota2 == 0)
    {
        $vrnjeno = "OK";
    }
    else
    {
        $vrnjeno = "EMAIL_EXISTS";
    }
}
else
{
    $vrnjeno = "USERNAME_EXISTS";
}
echo $vrnjeno;
if ($vrnjeno == "OK")
{
    $data = array(
        'name'=>'name',
        'username'=>$username,
        'password'=>$password,
        'email'=>$email,
        'sendEmail'=>1,
        "groups"=>array("2"),
        'block'=>1,);

    $user = new JUser;

    try {
        $user->bind($data);
        $user->save();
    } catch (Exception $e) {
        var_dump($e->getMessage());
    }

}
mysqli_close($con);

?>

This is the login code (check for user credentials):

<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "/home/grdddegap/public_html" );//this is when we are not in the root
define( 'DS', DIRECTORY_SEPARATOR );

require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

// Plain assignment: taking a reference to a function's return value raises a strict-standards notice
$mainframe = JFactory::getApplication('site');
$mainframe->initialise();

$username = $_POST["username"];
$password = $_POST["password"];
ini_set('default_charset', 'utf-8');
include('nastavitve.php');
if (!empty($username))
{
    $con = mysqli_connect("localhost", $username_baza_joomla, $password_baza_joomla, $database_baza_joomla);
    mysqli_set_charset($con, "utf8");

    // Exact match: with LIKE, % and _ in the submitted username act as wildcards
    $SQL = "SELECT name,email,password,block FROM joomla_users WHERE username = ?";

    if ($stmt = $con->prepare($SQL)) {

        $stmt->bind_param("s", $username);
        $stmt->execute();
        $stmt->store_result();
        $vsota = $stmt->num_rows;

        if ($vsota == 1)
        {
            $stmt->bind_result($name, $email, $password_baza, $block);
            $stmt->fetch();

            // Compare the submitted password with the stored hash
            if (JUserHelper::verifyPassword($password, $password_baza, $user_id = 0) == 1)
            {
                if ($block == 1)
                {
                    $vrnjeno = "EMAIL_VALIDATION";
                }
                else
                {
                    $vrnjeno = "OK";
                }
            }
            else
            {
                $vrnjeno = "WRONG_PASSWORD";
            }
        }
        else
        {
            $vrnjeno = "USER_DOES_NOT_EXISTS";
        }

        echo $vrnjeno;
    }
    else
    {
        echo "SQL INJECTION";
    }
    // Close the connection here: $con only exists on this branch
    mysqli_close($con);
}
else
{
    echo "STOP THIS YOU HECKER";
}
// close() ends the request, so it goes last
$mainframe->close();

?>

How to encrypt the Password column in jos_users (Joomla)

There is a similar thread explaining the Joomla password encryption.

Joomla 3.2.1 password encryption

Write a script which will update the password as per the Joomla standards, export the data from the jos_users table, and pass this data as input to the script.

Joomla 3.3.1 bcrypt inconsistent?

Each use of hashPassword() generates a password with a different salt, so the resulting values will always be different, even when the same password is used. That's deliberate, to make it more difficult for attackers.

And that's why you have a verifyPassword() method, to check the validity of the entered password.
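
An added example (not from any of the answers above, and not Joomla's own code) of checking a stored value in the formats discussed on this page: the legacy {hash}:{salt} MD5 form, a bare MD5, and a bcrypt hash whose string differs on every call. verify_stored_password() is a hypothetical helper; it assumes plain PHP 5.6+ without the Joomla framework and uses constructed sample values.

```php
<?php
// Added example: plain PHP 5.6+, no Joomla framework loaded.
// verify_stored_password() is a hypothetical helper, not a Joomla API.
function verify_stored_password($entered, $stored)
{
    // bcrypt: salt and cost are embedded in the hash string itself
    if (strncmp($stored, '$2y$', 4) === 0) {
        return array(
            'scheme' => 'bcrypt',
            'valid'  => password_verify($entered, $stored),
            'rehash' => password_needs_rehash($stored, PASSWORD_BCRYPT),
        );
    }

    // Legacy forms: "{md5 hex}:{salt}", or a bare MD5 with no salt
    $parts = explode(':', $stored, 2);
    $hash  = strtolower($parts[0]);
    $salt  = isset($parts[1]) ? $parts[1] : '';
    if (strlen($hash) === 32 && ctype_xdigit($hash)) {
        return array(
            'scheme' => $salt === '' ? 'md5' : 'md5-salted',
            // hash_equals() compares in constant time
            'valid'  => hash_equals($hash, md5($entered . $salt)),
            'rehash' => true, // weak scheme: re-hash with bcrypt after a valid login
        );
    }

    // Any other format (for example phpass "$P$") is rejected, not guessed at
    return array('scheme' => 'unknown', 'valid' => false, 'rehash' => false);
}

// Constructed sample values, not taken from a real database
$salt    = 'ConstructedDemoSalt0123456789abc';
$legacy  = md5('mypassword' . $salt) . ':' . $salt;
$bcryptA = password_hash('mypassword', PASSWORD_BCRYPT);
$bcryptB = password_hash('mypassword', PASSWORD_BCRYPT);

// Two bcrypt hashes of one password differ as strings, yet both verify
var_dump($bcryptA === $bcryptB);
foreach (array($legacy, $bcryptA, $bcryptB) as $stored) {
    $ok  = verify_stored_password('mypassword', $stored);
    $bad = verify_stored_password('wrong-guess', $stored);
    printf("%-10s valid=%d wrong=%d rehash=%d\n",
        $ok['scheme'], $ok['valid'], $bad['valid'], $ok['rehash']);
}
```

The rehash flag marks rows that should be re-hashed with bcrypt once the user has logged in successfully.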


