Joomla Salt增强密码 [英] Joomla salt enhanced password

问题描述

我怎么知道用作joomla salt增强密码加密的盐的字符串的值?

how can i know value of string which is used as salt for joomla salt enhanced password encryption??

推荐答案

Joomla为每个密码生成一个随机盐.在这里，您可以找到有关如何使用joomla方法生成密码的有价值的信息:

Joomla generates a random salt for each password. Here you can find valuable information on how to work with the joomla methods to generate passwords:

http://forum.joomla.org/viewtopic.php? f = 476& t = 308499

从那一点，您可以看到盐以密码冒号作为定界符存储在密码之后.

From that bit you can see that the salt is stored after the password with a colon as delimiter.

$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword("blabla", $salt);
$password = $crypt . ':' . $salt;

我只需要用Zend_Auth编写一个Authorisiation Validator来针对Joomla(1.0)安装进行验证，我想我会在这里更新有关它的信息.我的代码片段.

I just needed to write an Authorisiation Validator with Zend_Auth to validate against a Joomla (1.0) install and I thought I'd update the information here about it. A snip of my code.

$dbAdapter = Zend_Registry::get('jdb');
$this->_authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
$this->_authAdapter->setTableName('jos_users')
->setIdentityColumn('username')
->setCredentialColumn('password');

//Joomla 1.0 uses hashes in the form md5(passwort + salt) + salt
$users = new Users();
$hash = $users->getHash($value);
$salt = substr($hash, strpos($hash, ':') + 1);
$password = md5($context['password'] . $salt) . ':' . $salt;

[/EDIT]

这篇关于Joomla Salt增强密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！