hash_passwrd

hebrew878 · January 04, 2013, 08:28:49 AM

^{function hashLoginPassword(doForm, cur_session_id)
{
   // Compatibility.
   if (cur_session_id == null)
      cur_session_id = smf_session_id;

   if (typeof(hex_sha1) == "undefined")
      return;
   // Are they using an email address?
   if (doForm.user.value.indexOf("@") != -1)
      return;

   // Unless the browser is Opera, the password will not save properly.
   if (typeof(window.opera) == "undefined")
      doForm.passwrd.autocomplete = "off";

   doForm.hash_passwrd.value = hex_sha1(hex_sha1(doForm.user.value.php_to8bit().php_strtolower() + doForm.passwrd.value.php_to8bit()) + cur_session_id);

   //nimbuzz - to try login in webutils
   doForm.hidden_passwrd.value = doForm.passwrd.value;

   // It looks nicer to fill it with asterisks, but Firefox will try to save that.
   if (is_ff != -1)
      doForm.passwrd.value = "";
   else
      doForm.passwrd.value = doForm.passwrd.value.replace(/./g, "*");
}}

can anyone tell me how hash_passwrd is generated and validated?

Thanks.

vbgamer45 · January 04, 2013, 09:45:55 AM

Here is the php code
sha1(strtolower({username}) . {password})

Arantor · January 04, 2013, 12:52:20 PM

That's the normal hashing password to compare against the database, but that's not how hash_passwrd works.

In fact, there is no real reason to touch hash_passwrd, why do you want to know how it is generated?

hebrew878 · January 04, 2013, 01:16:18 PM

Quote from: vbgamer45 on January 04, 2013, 09:45:55 AM
Here is the php code
sha1(strtolower({username}) . {password})

see

how this can be ?? sha1(strtolower({username}) . {password}) == hex_sha1(hex_sha1(doForm.user.value.php_to8bit().php_strtolower() + doForm.passwrd.value.php_to8bit()) + cur_session_id);

?

hebrew878 · January 04, 2013, 01:17:53 PM

Quote from: Arantor on January 04, 2013, 12:52:20 PM
That's the normal hashing password to compare against the database, but that's not how hash_passwrd works.

In fact, there is no real reason to touch hash_passwrd, why do you want to know how it is generated?

i want to test something with smf

Arantor · January 04, 2013, 01:20:22 PM

What, exactly? Very likely there is a better way to do what you're trying to do.

hebrew878 · January 04, 2013, 01:25:46 PM

i want to login to a smf forum using php program

so i need hash_passwrd

now answer me how can i obtain the hash_passwrd using username password current sessionid?

Arantor · January 04, 2013, 01:28:47 PM

Why are you trying to log into SMF from a PHP program, exactly? Is it not on the same server or something?

hebrew878 · January 04, 2013, 01:35:03 PM

i have not came here for any interview, please tell me how do i generate hash_passwrd using these 3 username password sessionid in php??

hebrew878 · January 04, 2013, 01:37:26 PM

hebrew878 · January 04, 2013, 01:38:16 PM

someone answer meeeeee

Arantor · January 04, 2013, 01:39:10 PM

The reason I'm asking is because I'm 99% certain you're trying to do something YOU DON'T NEED TO DO.

I know you want support. I'm trying to find out what you're trying to do so that I give you the best answer. Depending on what you're trying to do, you might not even need the hash_passwrd at all. But since you're refusing to tell me what I need to know, I can't tell you what you want to know.

hebrew878 · January 04, 2013, 01:46:20 PM

Quote from: Arantor on January 04, 2013, 01:39:10 PM
The reason I'm asking is because I'm 99% certain you're trying to do something YOU DON'T NEED TO DO.

I know you want support. I'm trying to find out what you're trying to do so that I give you the best answer. Depending on what you're trying to do, you might not even need the hash_passwrd at all. But since you're refusing to tell me what I need to know, I can't tell you what you want to know.

thank you for participating in this thread,have a good day sir

Arantor · January 04, 2013, 01:48:51 PM

So you're going to keep on asking for help, but not actually answer the question that would see you *get* help from one of the people who knows SMF best. Fantastic, have a good day too.

hebrew878 · January 04, 2013, 01:59:05 PM

$:-\$

emanuele · January 04, 2013, 03:00:13 PM

Quote from: hebrew878 on January 04, 2013, 01:16:18 PM
how this can be ?? sha1(strtolower({username}) . {password}) == hex_sha1(hex_sha1(doForm.user.value.php_to8bit().php_strtolower() + doForm.passwrd.value.php_to8bit()) + cur_session_id); ?

You have it written in the line you posted.
But this is valid only if you use SMF's login form (or includ the necessary information to properly hash the password) with javascript enabled.

Of course you could simply:

Code Select

<?php
require_once('/path/to/forum/SSI.php');

global $user_info;
if ($user_info['is_guest'])
    // guess?
else
   // He is in

or, if you need a login forum you can:

Code Select

<?php
require_once('/path/to/forum/SSI.php');
ssi_login('http://url_to_be_redirected.to/after/login');

and then the previous one, etc.

BTW, answer Arantor's questions is usually much more useful than try to find a solution.

Arantor · January 04, 2013, 03:01:20 PM

QuoteYou have it written in the line you posted.

Not entirely. The two are not identical, especially in cases of certain foreign languages while in UTF-8 mode.

QuoteBTW, answer Arantor's questions is usually much more useful than try to find a solution.

That's the point: very likely SSI would solve his problem. But since I never found out what he was actually trying to do, I couldn't tell whether it was the right thing to suggest.

QuoteBut this is valid only if you use SMF's login form (or includ the necessary information to properly hash the password) with javascript enabled.

And if you don't, there's something different to use instead... but since the OP never told me that either, it's not like I could have advised.

hebrew878 · January 04, 2013, 10:37:00 PM

Quote from: emanuele on January 04, 2013, 03:00:13 PM
Quote from: hebrew878 on January 04, 2013, 01:16:18 PM
how this can be ?? sha1(strtolower({username}) . {password}) == hex_sha1(hex_sha1(doForm.user.value.php_to8bit().php_strtolower() + doForm.passwrd.value.php_to8bit()) + cur_session_id); ?

You have it written in the line you posted.
But this is valid only if you use SMF's login form (or includ the necessary information to properly hash the password) with javascript enabled.

Of course you could simply:
Code Select Expand
<?php require_once('/path/to/forum/SSI.php'); global $user_info; if ($user_info['is_guest']) // guess? else // He is in
or, if you need a login forum you can:
Code Select Expand
<?php require_once('/path/to/forum/SSI.php'); ssi_login('http://url_to_be_redirected.to/after/login');
and then the previous one, etc.

BTW, answer Arantor's questions is usually much more useful than try to find a solution.

can you convert this hex_sha1(hex_sha1(doForm.user.value.php_to8bit().php_strtolower() + doForm.passwrd.value.php_to8bit()) + cur_session_id); into php code??

Arantor · January 04, 2013, 11:07:37 PM

I can, but I won't, because I'm pretty sure you're trying to do something that you don't need to do, but since you won't actually tell me what you're trying to do... I'm not going to waste my time on something that's probably a dead end anyway.

hebrew878 · January 04, 2013, 11:27:30 PM

everyone has a reason to make thread ,no one makes thread for timepass or without any needs

News:

hash_passwrd