Advertisement:

Author Topic: Verifying password hash  (Read 1891 times)

Offline Mike Bobbitt

  • Full Member
  • ***
  • Posts: 597
    • Army.ca
Verifying password hash
« on: September 26, 2017, 06:14:39 AM »
Upgraded a test forum to the nightly build this morning, and everything looks great.

However, I use an external script to authenticate board users and regulate access to non-SMF areas. (So you can't access some pages unless you are logged in.) In this script, I read the username/password from the local cookie, and compare it against the db password hash for that user using the good old SHA1 hashing:

$passhash = sha1(strtolower($username) . $password);

I'm not sure what mechanism is in use under 2.1, but am looking for the equivalent process.


Thanks!
Mike

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 69,123
    • StoryBB/StoryBB on GitHub
Re: Verifying password hash
« Reply #1 on: September 26, 2017, 06:24:33 AM »
Because including SSI.php and having SMF entirely do it for you isn't an option?
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

Nothing turns to hate so bitter as what once was love.

Offline Mike Bobbitt

  • Full Member
  • ***
  • Posts: 597
    • Army.ca
Re: Verifying password hash
« Reply #2 on: September 26, 2017, 06:50:34 AM »
Good point, I will now simply check $context['user']['is_logged'] for the user's authentication status. Thanks.