
Password encrypt type

edited February 2012 in Vanilla 2.0 - 2.8

I am trying to use the Vanilla users table in another CodeIgniter app.
But for that I need to know how the password is hashed in Vanilla so that I can compare it with the password entered by the user upon login.

Help please to identify the method used.


  • Hash and crypt are two different things, but they are both encodings. A hash is a one-way encoding; it is not intended to be "decrypted".

    Actually you can use SSO like proxy connect, or jsconnect. Look them up in the documentation.

    Vanilla can use a variety of hash methods.

    grep is your friend.

  • Yup, I am going through the proxyconnect plugin documentation but am unable to understand the part about setting up cookies. Can you help me please?

    I mean, where do I have to insert the code for setting the cookies?

    And is there any other way to change the hash method of Vanilla?

  • sahotataran Developer, Bay Area - CA ✭✭✭
    edited February 2012

    I found this setting in config-default.php

    $Configuration['Garden']['Cookie']['HashMethod'] = 'md5'; // md5 or sha1

    Don't know if this is helpful to you in any respect.


  • @sahotataran Thanks, but it's not md5 once, right? I meant how to make my password exactly the same hash as the one stored in the Vanilla DB so that I can compare them both!

  • sahotataran Developer, Bay Area - CA ✭✭✭

    Frankly, I have no experience with it - I am just looking for variables that might be useful to you.

    check this setting -

    $Configuration['Garden']['Cookie']['Salt'] =

    I found it in config.php


  • Tim Operations Vanilla Staff

    In truth we use a library called 'phpass' which handles the hashing. It is not a 100% md5, as you can tell by the presence of the dollar signs.

    Read more about 'phpass' here

    Vanilla Forums COO [GitHub, Twitter]
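
For the original question of comparing a login password against a stored phpass value, here is an added example (not code from Vanilla, phpass, or anyone in this thread): a stand-alone PHP check for phpass "portable" hashes, the format that starts with `$P$` (or `$H$`). It assumes the stored value is in that format; the function names and the sample password and salt are constructed for illustration.

```php
<?php
// Added example: verify a phpass "portable" hash ($P$ or $H$ prefix).
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// phpass's own base64 variant: 6 bits at a time, least significant bits first.
function phpass_encode64(string $input): string
{
    $out = '';
    $len = strlen($input);
    for ($i = 0; $i < $len; $i += 3) {
        $value = ord($input[$i]);
        $out .= ITOA64[$value & 0x3f];
        if ($i + 1 < $len) $value |= ord($input[$i + 1]) << 8;
        $out .= ITOA64[($value >> 6) & 0x3f];
        if ($i + 1 >= $len) break;
        if ($i + 2 < $len) $value |= ord($input[$i + 2]) << 16;
        $out .= ITOA64[($value >> 12) & 0x3f];
        if ($i + 2 >= $len) break;
        $out .= ITOA64[($value >> 18) & 0x3f];
    }
    return $out;
}

// Recompute the hash for $password from the cost and salt held in $setting.
function phpass_portable_hash(string $password, string $setting): ?string
{
    if (!preg_match('/^\$[PH]\$/', $setting) || strlen($setting) < 12) return null;
    $log2 = strpos(ITOA64, $setting[3]);          // 4th char encodes log2(rounds)
    if ($log2 === false || $log2 < 7 || $log2 > 30) return null;
    $salt = substr($setting, 4, 8);               // next 8 chars are the salt
    $hash = md5($salt . $password, true);
    for ($n = 1 << $log2; $n > 0; $n--) {         // iterated, salted MD5
        $hash = md5($hash . $password, true);
    }
    return substr($setting, 0, 12) . phpass_encode64($hash);
}

function phpass_verify(string $password, string $stored): bool
{
    $computed = phpass_portable_hash($password, $stored);
    // hash_equals() compares in constant time; malformed input fails closed.
    return $computed !== null && hash_equals($stored, $computed);
}

// Constructed sample: cost character 'B' (2^13 rounds), salt 'abcdefgh'.
$stored = phpass_portable_hash('correct horse', '$P$Babcdefgh');
var_dump(strlen($stored));
var_dump(phpass_verify('correct horse', $stored));
var_dump(phpass_verify('wrong guess', $stored));
```

In an application that can load the phpass library, its own `CheckPassword()` method is the better choice than a re-implementation like this one.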
