Joomla 3.2.1 密码加密 [英] Joomla 3.2.1 password encryption

问题描述

当用户在网站上注册时，我在数据库 joomla_users 的密码表中查找，有以下格式存储的密码:

When the user register on the site , and I look in the database joomla_users in the password table, there are password stored in the following formats:

• $P$Do8QrURFT1r0NlWf0X/grdF/aMqwqK/

• $P$Do8QrURFT1r0NlWf0X/grdF/aMqwqK/

$P$DH38Lch9z508gJiop3A6u0whTity390

$P$DH38Lch9z508gJiop3A6u0whTity390

但不是文档中描述的形式(MD5 + ":" + SALT):

But not in the form as described in the documentation (MD5 + ":" + SALT):

• 1802ebc64051d5b4f4d1b408babb5020:0PHJDbnsyX05YpKbAuLYnw2VCzFMW2VK

我需要为我澄清这一点，因为我正在使用检查用户凭据的外部脚本来检查密码匹配.

I need to have this clarified for me, because I'm using outside script that checks for user credentials to check for password match.

在我的 PHP 脚本中，我的代码将 SALT 与数据库中的密码分开:

In my PHP script I have code that seperates SALT from password from database:

$parts   = explode( ':', $password_database );
$crypt   = $parts[0];
$salt   = $parts[1];

但是如果没有双结我就做不到 (:)

But I can't do that if there is no dobule knot (:)

推荐答案

试试这个，

以下代码正在创建 Joomla 标准密码(旧版本 1.5、1.7 等).

The following piece of code is creating Joomla standard password (Older Version 1.5,1.7 etc).

 jimport('joomla.user.helper');
 $salt = JUserHelper::genRandomPassword(32);
 $crypt = JUserHelper::getCryptedPassword($password_choose, $salt);
 $password = $crypt.':'.$salt;

Joomla 3.2+ 引入了 PHP 的密码算法 bcrypt，但它至少需要 PHP 5.3+ 如果您打算使用 bcrypt 确保您的服务器 PHP 版本能够执行此操作，在此处阅读更多信息.

Joomla 3.2+ introduced PHP's password algorithm bcrypt but it required a minimum PHP 5.3+ If you plan to use bcrypt make sure your server PHP version is capable for this, read more here.

其他版本的 Joomla 使用以下方法(Joomla 3.x)

The other Version of Joomla Using the following methods (Joomla 3.x)

 jimport('joomla.user.helper');
 $yourpass = JUserHelper::hashPassword($password_choose);

旧算法在最新版本中也能正常工作，唯一的区别是旧版本创建 65 个字符的密码，而新版本创建 34 个字符的字符串.始终使用更新版本

此外，如果您使用外部脚本，则应包含 Joomla 框架，如下所示.这应该在您的外部 php 文件的最顶部

Also if you are using external script should include Joomla framework like below. This should at very top of your external php file

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__) );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );

require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();

您还提到您必须检查用户凭据，然后无需检查密码格式，所有内容只需在框架加载后使用以下代码即可.

Also you mentioned you have to check users credential then no need to check password format and all thing just use below codes after framework loads.

   $credentials['username'] = $data['username']; //user entered name
   $credentials['password'] = $data['password']; //users entered password
   $app = JFactory::getApplication();
   $error = $app->login($credentials, $options);
   if (!JError::isError($error)) {
    // login success
    }
  else{
    //Failed attempt
   }

希望有帮助..

这篇关于Joomla 3.2.1 密码加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！