Joomla 3.2.1 password encryption
Try this.
The following piece of code creates a Joomla standard password (older versions 1.5, 1.7, etc.).
jimport('joomla.user.helper');
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($password_choose, $salt);
$password = $crypt.':'.$salt;
Joomla 3.2+ introduced PHP's password algorithm bcrypt, but it required a minimum of PHP 5.3+. If you plan to use bcrypt, make sure your server's PHP version is capable of this; read more here.
The other versions of Joomla use the following method (Joomla 3.x):
jimport('joomla.user.helper');
$yourpass = JUserHelper::hashPassword($password_choose);
The older algorithm also works fine in the latest version; the only difference is that the older version creates a 65-character password and the new one creates a 34-character string. Always go with the updated version.
Also, if you are using an external script, you should include the Joomla framework as below. This should be at the very top of your external PHP file.
define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__) );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe = JFactory::getApplication('site');
$mainframe->initialise();
Also, you mentioned you have to check the user's credentials; there is no need to check the password format and all that, just use the code below after the framework loads.
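$credentials = array();
$credentials['username'] = $data['username']; // user-entered name
$credentials['password'] = $data['password']; // user-entered password
$options = array(); // no extra login options
$app = JFactory::getApplication();
$error = $app->login($credentials, $options);
// login() returns true only on success; it can also return false,
// which JError::isError() would not report as a failure
if ($error === true) {
    // login success
}
else {
    // failed attempt
}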
hope it helps..
Joomla Encrypt Passwords for Database
You can just use MySQL's MD5 function - Joomla understands passwords that are hashed using MD5. No need to create a script.
In phpMyAdmin, in the #__users table, just change the password to the one that you want and choose MD5 from the function dropdown.
joomla password encryption
Joomla passwords are MD5 hashed, but the passwords are salted before being hashed.
They are stored in the database as {hash}:{salt}
This salt is a random string 32 characters in length.
So to create a new password hash you would do md5($password.$salt)
EDIT
Okay, so for checking a password, say a user myguy enters the password mypassword, you would retrieve the row from the database that has username myguy.
In this row you'll find a password, say 4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT.
You split up the password hash and the salt:
$hashparts = explode(':', $dbpassword); // explode() splits on the literal colon; ':' alone is not a valid preg_split() pattern
echo $hashparts[0]; //this is the hash 4e9e4bcc5752d6f939aedb42408fd3aa
echo $hashparts[1]; //this is the salt 0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT
Now calculate the hash using this salt and the password myguy entered:
$userhash = md5($userpassword.$hashparts[1]); // This would be 'mypassword' and the salt used in the original hash
Now if this $userhash and $hashparts[0] are identical, the user has entered the correct password.
PHP code for registering Joomla 3.2.1 users, and logging them in
I managed to solve this problem, thanks to answers from all of you.
But I have 1 more question: How can I send an activation email to the user?
This is the registration code:
<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "/home/gddregop/public_html" );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe = JFactory::getApplication('site');
$mainframe->initialise();
ini_set('default_charset', 'utf-8');
include('database_settings.php');
$username=$_POST["username"];
$password=$_POST["password"];
$email=$_POST["email"];
$salt = JUserHelper::genRandomPassword(32);
$crypt = md5($password.$salt);
$password = $crypt.':'.$salt;
$con=mysqli_connect("localhost",$username_baza_joomla,$password_baza_joomla,$database_baza_joomla);
mysqli_set_charset($con,"utf8");
// Exact match: LIKE would treat % and _ in the submitted value as wildcards
$SQL1 = "SELECT * FROM joomla_users WHERE username = ?";
if ($stmt = $con->prepare($SQL1)) {
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->store_result();
    $vsota = $stmt->num_rows;
}
$vrnjeno = "";
if($vsota==0)
{
    // Username is free, now check the e-mail address (exact match again)
    $SQL2 = "SELECT * FROM joomla_users WHERE email = ?";
    if ($stmt2 = $con->prepare($SQL2)) {
        $stmt2->bind_param("s", $email);
        $stmt2->execute();
        $stmt2->store_result();
        $vsota2 = $stmt2->num_rows;
    }
    if($vsota2==0)
    {
        $vrnjeno="OK";
    }
    else
    {
        $vrnjeno="EMAIL_EXISTS";
    }
}
else
{
    $vrnjeno="USERNAME_EXISTS";
}
echo $vrnjeno;
if($vrnjeno=="OK")
{
    $data = array(
        'name'=>'name',
        'username'=>$username,
        'password'=>$password,
        'email'=>$email,
        'sendEmail'=>1,
        "groups"=>array("2"),
        'block'=>1,);
    $user = new JUser;
    try{
        $user->bind($data);
        $user->save();
    }catch(Exception $e){
        var_dump($e->getMessage());
    }
}
mysqli_close($con);
?>
This is the login code (check for user credentials):
<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "/home/grdddegap/public_html" );//this is when we are not in the root
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe = JFactory::getApplication('site');
$mainframe->initialise();
$username=$_POST["username"];
$password=$_POST["password"];
ini_set('default_charset', 'utf-8');
include('nastavitve.php');
if (!empty($username))
{
    $con=mysqli_connect("localhost",$username_baza_joomla,$password_baza_joomla,$database_baza_joomla);
    mysqli_set_charset($con,"utf8");
    // Exact match: LIKE would treat % and _ in the submitted value as wildcards
    $SQL = "SELECT name,email,password,block FROM joomla_users WHERE username = ?";
    if ($stmt = $con->prepare($SQL)) {
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $stmt->store_result();
        $vsota = $stmt->num_rows;
        if($vsota==1)
        {
            $stmt->bind_result($name, $email, $password_baza,$block);
            $stmt->fetch();
            if((JUserHelper::verifyPassword($password, $password_baza, $user_id = 0)==1))
            {
                if($block==1)
                {
                    $vrnjeno="EMAIL_VALIDATION";
                }
                else
                {
                    $vrnjeno="OK";
                }
            }
            else
            {
                $vrnjeno="WRONG_PASSWORD";
            }
        }
        else
        {
            $vrnjeno="USER_DOES_NOT_EXISTS";
        }
        echo $vrnjeno;
    }
    else
    {
        echo "SQL INJECTION";
    }
    // Close the connection here: $con only exists in this branch
    mysqli_close($con);
}
else
{
    echo "STOP THIS YOU HECKER";
}
// close() ends the script, so it goes last
$mainframe->close();
?>
How to encrypt the Password column in jos_users (Joomla)
There is a similar thread explaining Joomla password encryption:
Joomla 3.2.1 password encryption
Write a script which will update the passwords as per the Joomla standards; export the data from the jos_users table and pass this data as input to the script.
Joomla 3.3.1 bcrypt inconsistent?
Each use of hashPassword() generates a password with a different salt, so the resulting values will always be different, even when the same password is used... that's deliberate, to make it more difficult for attackers.
And that's why you have a verifyPassword() method, to check the validity of the entered password.
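The two stored formats discussed on this page, the legacy {hash}:{salt} MD5 form and the self-salting bcrypt strings described in the last answer, can be told apart and checked in one place. This is an added example, not part of any of the answers above and not Joomla's own code; the function name check_stored_password and the sample salt are assumptions made for illustration, and it uses PHP's built-in password_hash() family rather than JUserHelper.

```php
<?php
// Added example (not Joomla code). Needs PHP 5.6+ for hash_equals().

/**
 * Check $password against a stored value in either format from this page.
 * Returns array(valid, needsRehash).
 */
function check_stored_password($password, $stored)
{
    // bcrypt strings are self-describing and carry their own salt and cost.
    if (strpos($stored, '$2y$') === 0) {
        $valid = password_verify($password, $stored);
        return array($valid, $valid && password_needs_rehash($stored, PASSWORD_BCRYPT));
    }

    // Legacy form "{hash}:{salt}" with hash = md5(password . salt).
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2 || !preg_match('/^[0-9a-f]{32}$/', $parts[0])) {
        return array(false, false); // unknown format: reject
    }
    // hash_equals() compares in constant time, unlike == or ===.
    $valid = hash_equals($parts[0], md5($password . $parts[1]));

    // A valid legacy hash should be replaced with a bcrypt one at this login.
    return array($valid, $valid);
}

// Constructed sample data, not taken from a real site.
$salt   = 'CONSTRUCTEDsalt0123456789abcdefg';
$legacy = md5('mypassword' . $salt) . ':' . $salt;
$first  = password_hash('mypassword', PASSWORD_BCRYPT);
$second = password_hash('mypassword', PASSWORD_BCRYPT);

// Same password hashed twice: compare the strings, then verify each one.
var_dump($first === $second);
var_dump(check_stored_password('mypassword', $first));
var_dump(check_stored_password('mypassword', $second));

// Legacy value: verify it, and upgrade it while the plaintext is available.
list($ok, $rehash) = check_stored_password('mypassword', $legacy);
if ($ok && $rehash) {
    $upgraded = password_hash('mypassword', PASSWORD_BCRYPT);
    var_dump(check_stored_password('mypassword', $upgraded));
}

// Wrong password against each format.
var_dump(check_stored_password('wrong', $legacy));
var_dump(check_stored_password('wrong', $first));
```

The upgrade step only works at login time, because that is the only moment the plaintext password is available to hash again.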