Joomla 3.2.1密码加密 [英] Joomla 3.2.1 password encryption

问题描述

当用户在站点上注册时，我在密码表中的数据库joomla_users中查找，密码以以下格式存储:

When the user register on the site , and I look in the database joomla_users in the password table, there are password stored in the following formats:

• $ P $ Do8QrURFT1r0NlWf0X/grdF/aMqwqK/

• $P$Do8QrURFT1r0NlWf0X/grdF/aMqwqK/

$ P $ DH38Lch9z508gJiop3A6u0whTity390

$P$DH38Lch9z508gJiop3A6u0whTity390

但不是文档中描述的形式(MD5 +:" + SALT):

But not in the form as described in the documentation (MD5 + ":" + SALT):

• 1802ebc64051d5b4f4d1b408babb5020:0PHJDbnsyX05YpKbAuLYnw2VCzFMW2VK <​​/li>

• 1802ebc64051d5b4f4d1b408babb5020:0PHJDbnsyX05YpKbAuLYnw2VCzFMW2VK

我需要为我澄清这一点，因为我正在使用外部脚本来检查用户凭据以检查密码是否匹配.

I need to have this clarified for me, because I'm using outside script that checks for user credentials to check for password match.

在我的PHP脚本中，我有一些代码将SALT与数据库中的密码分开:

In my PHP script I have code that seperates SALT from password from database:

$parts   = explode( ':', $password_database );
$crypt   = $parts[0];
$salt   = $parts[1];

但是，如果没有结状结(:)，我将无法做到

But I can't do that if there is no dobule knot (:)

推荐答案

尝试一下，

以下代码段创建了Joomla标准密码(旧版1.5、1.7等).

The following piece of code is creating Joomla standard password (Older Version 1.5,1.7 etc).

 jimport('joomla.user.helper');
 $salt = JUserHelper::genRandomPassword(32);
 $crypt = JUserHelper::getCryptedPassword($password_choose, $salt);
 $password = $crypt.':'.$salt;

Joomla 3.2 + 引入了PHP的密码算法 bcrypt ，但是如果您打算使用 bcrypt <，则需要最低PHP 5.3 + /strong>，请确保您的服务器PHP版本支持此功能，在此处了解详情.

Joomla 3.2+ introduced PHP's password algorithm bcrypt but it required a minimum PHP 5.3+ If you plan to use bcrypt make sure your server PHP version is capable for this, read more here.

其他版本的Joomla使用以下方法( Joomla 3.x )

The other Version of Joomla Using the following methods (Joomla 3.x)

 jimport('joomla.user.helper');
 $yourpass = JUserHelper::hashPassword($password_choose);

较旧的算法在最新版本中也能正常工作，唯一的区别是较旧的版本创建了65个字符的密码，而新版本则创建了34个字符串.始终使用更新的版本

The older algorithm also works fine in latest version too , only difference is older version creates a 65 character password and new one creates 34 character string. always go with updated version

此外，如果您使用的是外部脚本，则应包含如下所示的Joomla框架.这应该在您外部php文件的顶部

Also if you are using external script should include Joomla framework like below. This should at very top of your external php file

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__) );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );

require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();

您还提到过，您必须检查用户凭据，然后无需检查密码格式，并且在框架加载后，所有内容都将使用下面的代码.

Also you mentioned you have to check users credential then no need to check password format and all thing just use below codes after framework loads.

   $credentials['username'] = $data['username']; //user entered name
   $credentials['password'] = $data['password']; //users entered password
   $app = JFactory::getApplication();
   $error = $app->login($credentials, $options);
   if (!JError::isError($error)) {
    // login success
    }
  else{
    //Failed attempt
   }

希望有帮助.

这篇关于Joomla 3.2.1密码加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！