Advertisement:

Author Topic: Verifying password hash  (Read 1160 times)

Offline Mike Bobbitt

  • Full Member
  • ***
  • Posts: 597
    • Army.ca
Verifying password hash
« on: September 26, 2017, 06:14:39 AM »
Upgraded a test forum to the nightly build this morning, and everything looks great.

However, I use an external script to authenticate board users and regulate access to non-SMF areas. (So you can't access some pages unless you are logged in.) In this script, I read the username/password from the local cookie, and compare it against the db password hash for that user using the good old SHA1 hashing:

$passhash = sha1(strtolower($username) . $password);

I'm not sure what mechanism is in use under 2.1, but am looking for the equivalent process.


Thanks!
Mike

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,061
    • Arantor on GitHub
Re: Verifying password hash
« Reply #1 on: September 26, 2017, 06:24:33 AM »
Because including SSI.php and having SMF entirely do it for you isn't an option?
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Mike Bobbitt

  • Full Member
  • ***
  • Posts: 597
    • Army.ca
Re: Verifying password hash
« Reply #2 on: September 26, 2017, 06:50:34 AM »
Good point, I will now simply check $context['user']['is_logged'] for the user's authentication status. Thanks.