Hashing Algorithm?

Discussion in 'Integration' started by problemzoom, Nov 27, 2012.

  1. problemzoom

    problemzoom New Member

    Joined:
    Aug 16, 2012
    Messages:
    6
    Pretty simple what hashing algorithm does aMember use. Is there any hidden salts I should know about or anything of that sort? I'd like to generate the same hash stored in the "am_user" table with the plain-text password.
  2. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    Check /amember/library/Am/Crypt.php (class Am_Crypt_Strong)
    Key file which is used by aMember can be found in /amember/application/configs/key.php
    Btw, here is how you can use this through Am_Di api:
    PHP:
    include '/amember/bootstrap.php'// Include aMember core
    $di Am_Di::getInstance(); // Get DI objet;
    $crypted $di->crypt->encrypt('test');
    $test $di->crypt->decrypt($crypted);

  3. problemzoom

    problemzoom New Member

    Joined:
    Aug 16, 2012
    Messages:
    6
    I can't seem to get it working. Here is what I have.

    PHP:
    include '/members/bootstrap.php';
     
    $di Am_Di::getInstance();
    $hash $di->crypt->encrypt('test'); 
    echo 
    $hash;
    I have verified that bootstrap.php is infact in the ./members/ folder.
  4. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    Do you get error error message? What happen when you try to use this code?
  5. problemzoom

    problemzoom New Member

    Joined:
    Aug 16, 2012
    Messages:
    6
    I got it figured out I just had to remove the leading slash ie: '/members/bootstrap.php' to 'memebers/bootstrap.php'.

    However, I'm still having a problem I hash the password and I'm getting "+l8RAstP0IgXcMSd9PS1iA==" as the hash when I should be getting "$P$BwczAvYfP1VUMb8M8pP8T0fAH4V40O.". This is the same password for both hashes the first one was generated from alexander's Am_Di script and the later was generated by the aMember log in form.

    Please help have to get this one figured out soon as possible.
  6. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    Well it seems I haven't understood you before.
    if you want to hash user's passwords in the same way as this is done inside aMember, use this instead:
    $cryptedPass = User::cryptPass('password');
  7. problemzoom

    problemzoom New Member

    Joined:
    Aug 16, 2012
    Messages:
    6
    Getting ever closer alexander I really do appreciate the help. With your snippet I'm getting "$P$B.Bs1oZ130DOV4TTmrk1zOa.DQihlX." and should be getting "$P$BwczAvYfP1VUMb8M8pP8T0fAH4V40O." Looking much closer though.
  8. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    You get your password crypted the same way as aMember does this.
    However resulting hash will be different it was created using different salt.
    if you want to validate plain_text password for user use this code:
    PHP:
    //Load user object;
    $user Am_Di::getInstance()->userTable->load(USER_ID);

    $result $user->checkPassword('PLAINTEXTPASSWORD');
    // $result = true if password is correct; 

  9. problemzoom

    problemzoom New Member

    Joined:
    Aug 16, 2012
    Messages:
    6
    Thank you much alexander. It worked like a charm. Just forewarning I will be annoying you a lot in the near future.

Share This Page