HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

How to add a custom password hashing method?

edited March 2012 in Vanilla 2.0 - 2.8

It's me again with yet more questions.....

How do I go about adding a new (custom) user password hashing method without modifying the framework?

I want to add a very simple new hasing method called "fl" which would simply take md5 of raw password.

I tried adding a new "case" statement to "library/core/class.passwordhash.php" as well as setting appropriate hashing method name in gdn_user HashMethod field. Didn't work. When I try to login the javascript just hangs, only return error if I enter non-existing user name.

Tagged:

Best Answer

  • ToddTodd Chief Product Officer Vanilla Staff
    Accepted Answer

    This isn't something we currently support without modifying the code. If you want a straight md5 hash I just recommend you use the django hash method. You need to augment your password hashes a little bit.

    Let's say your md5 is something like 289111d9eac1a9aa35f4f63dc7b68a0a. Just prefix that with md5$$ which would give you md5$$289111d9eac1a9aa35f4f63dc7b68a0a.

Answers

  • ToddTodd Chief Product Officer Vanilla Staff
    Accepted Answer

    This isn't something we currently support without modifying the code. If you want a straight md5 hash I just recommend you use the django hash method. You need to augment your password hashes a little bit.

    Let's say your md5 is something like 289111d9eac1a9aa35f4f63dc7b68a0a. Just prefix that with md5$$ which would give you md5$$289111d9eac1a9aa35f4f63dc7b68a0a.

  • Your django solution worked! Thanks a lot!

Sign In or Register to comment.