THX a lot Massimo, it is very much appreciated. I'll check this ASAP. Be patient please.
On Monday, June 23, 2014 11:21:42 AM UTC+2, Massimo Di Pierro wrote: > > Hello Farmy, > > The code you posted helps and this examples the PHP algorithm: > http://pythonhosted.org/passlib/lib/passlib.hash.phpass.html > > I recorded this in Python: > > import random, hashlib > > class PHPHash(object): > CHARS = '0123456789abcdefghijklmoqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' > def __init__(self,secret,rounds=10): > self.secret = secret > self.rounds = rounds > def hash(self,password, salt=None): > if salt is None: > salt = ''.join(random.choice(self.CHARS) for i in range(8)) > checksum = hashlib.md5(salt+self.secret).hexdigest() > for k in range(2**self.rounds): > checksum = hashlib.md5(checksum+password).hexdigest() > hashed = '$P$%s%s%s' % (chr(self.rounds+ord('0')-5),salt,checksum) > return hashed > > p = PHPHash('mysecret', rounds=13) > print p.hash('mypassword') > > Please check it an make sure you can reproduce the PHP passwords. Once > that's done we can try implement a custom validator, based on CRYPT that > will work with them. > > > > > > Massimo > > > > > > > On Sunday, 22 June 2014 15:40:32 UTC-5, farmy zdrowia wrote: >> >> I did kind of investigation by myself. >> I can see CB uses new Joomla "Portable PHP password hashing framework" >> functionality to crypt password. I noticed CB run on joomla 3.2.1, >> while my other site is on Joomla 2 >> >> Anyway at the end of pasword cryption chain there is a function >> hashPassword and verifyPassword in libraries/joomla/user/helper.php >> >> abstract class JUserHelper >> public static function hashPassword($password) >> { >> // Use PHPass's portable hashes with a cost of 10. >> $phpass = new PasswordHash(10, true); >> >> return $phpass->HashPassword($password); >> } >> >> >> public static function verifyPassword($password, $hash, $user_id >> = 0) >> { >> $rehash = false; >> $match = false; >> >> // If we are using phpass >> if (strpos($hash, '$P$') === 0) >> { >> // Use PHPass's portable hashes with a cost of 10. >> $phpass = new PasswordHash(10, true); >> >> $match = $phpass->CheckPassword($password, $hash); >> >> $rehash = false; >> } >> >> >> Indeed all my passwords starts with "$P$" >> >> Whole algorithm to crypt CB/Joomla3.2.1 password is in file >> libraries/phpass/PasswordHash.php >> >> >> >> Question now is how to transform it to web2py CUSTOMER validator. I'll >> need your help >> >> >> >> >> >>> >> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
