How do I register people? (Hash issue)

Discussion forum for MOD Writers regarding MOD Development.
Locked
vortexhlp
Registered User
Posts: 195
Joined: Fri Jan 09, 2009 7:51 pm

How do I register people? (Hash issue)

Post by vortexhlp »

Okay, so the issue that I have is figuring out how to login/register from my test page (outside of phpBB's directory). Obviously the bridge is there and it uses what phpBB needs to use to function but this whole phpass thing is difficult to figure out. Before I go on, let me just say that I have gone through many topics relating to this and after 2-days I decided to post here for help.

#1: I'm using Codeigniter, and php 5.5.x
#2: I'm still on phpbb 3.0.8
#3: I load the helper and have the following set: $data['hasher'] = new PasswordHash(8, false);

From what I understand, phpBB uses http://www.openwall.com/phpass/ which generates a unique hash, gets salted by something unique (not sure what though, is it hardware?), and so on... I followed this tutorial: http://sunnyis.me/blog/secure-passwords/ and the guide on the phpass website.

Here's the issue what I'm having...
The passwords listed in the database aren't at all the same size as they are when generating using phpass. They're like 34 characters or so but the hash is almost twice as long when generating. Now, I get that the hash will be different every time but I merely want to compare the value input to the database for login and insert a new hash when registering.

Checking to see if the hash is the same (not sure exactly what this does but I'm guessing it's phpass magic that checks to see if plain_password was converted and then can be understood?)

Code: Select all

$plain_password = "test";
$password_hashed = $hasher->HashPassword($plain_password);
if($hasher->CheckPassword($plain_password, $password_hashed)) {
    echo "YES, Matched";
} else {
    echo "No, Wrong Password";
}
Well, if we get the db value, how do we compare it?
$plain_password should be what the user input, let's pretend it's "test"
$password_hashed = $database_password_value; (the 32 character password from earlier)

then We run through the validation again right? if($hasher->CheckPassword etc....

The issue I'm having is that it keeps saying "No, Wrong Password". The database password is static, so it's not really pulling from the db but the db value is entered as plain text for test purposes.

Then, my next issue would be how do I convert $plain_password to a new password? Thanks a million in advance :)
User avatar
AmigoJack
Registered User
Posts: 5819
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: How do I register people? (Hash issue)

Post by AmigoJack »

Seems like you never looked into /includes/functions.php where both phpbb_hash() and phpbb_check_hash() are defined which do both jobs you're seeking.
  • The worst thing about censorship is ███████████
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
vortexhlp
Registered User
Posts: 195
Joined: Fri Jan 09, 2009 7:51 pm

Re: How do I register people? (Hash issue)

Post by vortexhlp »

AmigoJack wrote:Seems like you never looked into /includes/functions.php where both phpbb_hash() and phpbb_check_hash() are defined which do both jobs you're seeking.
I feel good right about now :D It turns out that I couldn't just use a library for codeigniter and phpass, it had to be specifically for phpBB since you guys do things a little differently. Plus it has $H$ variable instead of $P$ which changes everything. Now all the passwords store correctly and compares just fine :D

Guess my next step is to look into what phpBB does with cookies. Thanks for your help :)
Locked

Return to “[3.0.x] MOD Writers Discussion”