custom hash

NSMarko · August 15, 2014, 08:07:49 AM

hi, I was thinking about merging a games database with SMF's so when the users register ingame, they get a forum profile, but my problem is that I'm kinda new with SMF and can't find where does SMF merge the hash and the salt. I first put in the salt and then the hashed pass... and yeah sha1 for passwords

margarett · August 15, 2014, 08:12:09 AM

Welcome

SMF hashes the user password with sha1(strtolower($username) . $password)

NSMarko · August 15, 2014, 08:21:21 AM

thanks for that info, I found something in Load.php can you tell me if thats it?

Code Select

elseif (strlen($password) == 40)
$check = sha1($user_settings['passwd'] . $user_settings['password_salt']) == $password;
else
$check = false;

and my hash is a bit longer, so I would change it to :

Code Select

elseif (strlen($password) == 70)
$check = sha1($user_settings['salt'] . $user_settings['lozinka']) == $password;
else
$check = false;

my salt is 30 characters long so its 40+30 = 70, is that correct?

margarett · August 15, 2014, 08:58:10 AM

Nop, you don't need salt. It is used for cookie login only. The user+pass combination is processed in LogInOut.php

NSMarko · August 15, 2014, 09:18:57 AM

thanks for the support, I should roam around the files to find more stuff.

News:

custom hash

NSMarko

margarett

NSMarko

margarett

NSMarko