hey all
im in the process of creating a system that works along side smf
but i need to make it so all users and their passwords arent md5
both login and when registering
anyone know a way to remove md5 completely?
thanks
yep. Install SMF. :P
Smf uses salted sha1, not MD5 ;)
you can generate a sha1 hash to check against SMF's database fairly easily.
sha1(strtolower(username) . password_from_form);
where username is the username and password_from_form is the supplied password but make sure to sanitize it or you may fall victim to hackings ;)
smf does it like this:
$sha_passwd = sha1(strtolower($user_settings['memberName']) . un_htmlspecialchars(stripslashes($_REQUEST['passwrd'])));
well i dont really want any encrypting as the db of users im going to be using against smf is plain text...
can you suggest how to remove all encrypting?
Why remove encryption? I guess you want to integrate SMF into a custom setup that stores plain text passwords in a database. Instead of going down, why not go one step up and introduce encryption in your custom setup, much like bridges do?
At least, you could simply make the other application create an encrypted copy of the plaintext password and compare the resulting hash to the SMF password hash stored in the database.
Have you looked at the functions of SSI.php for help in integration?