I have a custom list of users that i need to import and will just bang them into the user table, however i see its using some weird looking hashing, where can i see exactly in the code where these are generated so i can adapt.
I've noticed in the table there is a HashMethod and this by default looks to be 'Vanilla', im just trying to work out where this can be set, and what valid alternatives are.
The hash method more or less uses phppass which is pretty much the strongest, most secure hash you can use.
However, if you put plain text passwords in as hash method Vanilla then users can sign in and their methods will be converted upon first sign in.
You can also use the following hash methods found in /library/core/class.passwordhash.php:
django
phpbb
punbb
reset: tells users to reset their passwords when they try and sign in
random: tells users they don't have a password yet
smf: Simple Machines Forums
vbulletin: the salt is the last 4 characters of the password.
If you have something sort of custom that uses a hash with or without a salt then I recommend using django. It's quite flexible. Passwords in django have the following format:
algorithm$salt$hash
algorithm This is the hash algorithm and is one of crypt, md5, sha1.
salt This is the password salt that a lot of systems use. If you don't have a salt then you can just use algorithm$$hash which is equivalent to an empty salt.
hash This is the password hash.
The algorithm then just does the following to check the password:
Answers
Md5 isnt it
There was an error rendering this rich post.
I've noticed in the table there is a HashMethod and this by default looks to be 'Vanilla', im just trying to work out where this can be set, and what valid alternatives are.
The hash method more or less uses phppass which is pretty much the strongest, most secure hash you can use.
However, if you put plain text passwords in as hash method Vanilla then users can sign in and their methods will be converted upon first sign in.
You can also use the following hash methods found in /library/core/class.passwordhash.php:
If you have something sort of custom that uses a hash with or without a salt then I recommend using django. It's quite flexible. Passwords in django have the following format:
algorithm$salt$hashThe algorithm then just does the following to check the password:
algorithm($salt.$password) == $hash