hi, I was thinking about merging a games database with SMF's so when the users register ingame, they get a forum profile, but my problem is that I'm kinda new with SMF and can't find where does SMF merge the hash and the salt. I first put in the salt and then the hashed pass... and yeah sha1 for passwords
Welcome ;)
SMF hashes the user password with sha1(strtolower($username) . $password)
thanks for that info, I found something in Load.php can you tell me if thats it?
elseif (strlen($password) == 40)
$check = sha1($user_settings['passwd'] . $user_settings['password_salt']) == $password;
else
$check = false;
and my hash is a bit longer, so I would change it to :
elseif (strlen($password) == 70)
$check = sha1($user_settings['salt'] . $user_settings['lozinka']) == $password;
else
$check = false;
my salt is 30 characters long so its 40+30 = 70, is that correct?
Nop, you don't need salt. It is used for cookie login only. The user+pass combination is processed in LogInOut.php ;)
thanks for the support, I should roam around the files to find more stuff.