News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

members database access

Started by Sweet_, October 08, 2015, 10:34:08 AM

Previous topic - Next topic

Sweet_

Hello, i have an old program i wrote a while back that was a simple login via SQL which used the username and password that users used on my old forum, but since moving over to SMF i noticed that all the passwords are hashed im guessing its sha1 & salt, but the program only reads the hashed password and not the decrypted password, is there anyway around this?

C. Davis


Kindred

Well, it depends what he wants to do. Ssi will not expose the password....
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

C. Davis

Quote from: Kindred on October 08, 2015, 04:52:05 PM
Well, it depends what he wants to do. Ssi will not expose the password....
Generally, logging in with SQL is less secure than using SSI.

Kindred

you have (once again) missed the point...

The OP has not specifically given us enough information to determine WHAT he is actually trying to do... he has merely asked a question with no corroborating details. The password is never revealed in any SSI function.

To answer the question asked...   the system never has a copy of the unhashed password.
It can be passed during login by using one of the hooks or API functions.
Or you can control your non-forum site access by adding SSI functions and checks on SMF member permissions using SSI as C.Davis noted)

However, without knowing specifically what you are trying to do, we can't help you much further.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Sweet_

Hey sorry not had access to my pc for a few days, im basically making a program for my website that has many different parts to it ( forums / news pages / blogs etc ) and the program im making allows my staff to login to all parts of the website but the forums is the only one im having trouble with, main use is to have everything there in one place, there are pages to different news websites to keep our new section up to date and so on. but i wanted to use the Forum as the main login information to the program due to the user types and such.

Kindred

In that case c Davis is actually correct.

Get rid of your personalized login system.
Use smf and ssi
That will allow you to use the smf security, member groups and permissions to control access to your other functions, even outside of smf itself.


Because, as I said, the smf password is never available, unhashed.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Advertisement: