Hashing password to compare with database

Need some custom code changes to the phpBB core simple enough that you feel doesn't require an extension? Then post your request here so that community members can provide some assistance.

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Cjk75
Registered User
Posts: 17
Joined: Mon Oct 14, 2024 4:16 am

Hashing password to compare with database

Post by Cjk75 »

I've read a ton of topics but most were old and password hashing changed with new versions.

If I have $pass with a password a user entered, how can i run it through the same hash and compare it with the stored password in the database to ensure the credentials are correct? I've dug through the code looking for a call to a hash function and I can't find it. I also cant get the $passwords_manager to convert $pass to a hash.

Thank you for any help or links.
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6601
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Hashing password to compare with database

Post by thecoalman »

Cjk75 wrote: Sun Jan 26, 2025 7:19 am I've read a ton of topics but most were old and password hashing changed with new versions.
AFAIK old passwords are compatible and updated with new ones as the users login, it's not something you should need to manage.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
Cjk75
Registered User
Posts: 17
Joined: Mon Oct 14, 2024 4:16 am

Re: Hashing password to compare with database

Post by Cjk75 »

thecoalman wrote: Sun Jan 26, 2025 12:56 pm
Cjk75 wrote: Sun Jan 26, 2025 7:19 am I've read a ton of topics but most were old and password hashing changed with new versions.
AFAIK old passwords are compatible and updated with new has as the users login, it's not something you should need to manage.
I understand that but i am using the same login information for multiple uses so users have 1 enrollment and not 2.
User avatar
Steve
Registered User
Posts: 1620
Joined: Tue Apr 07, 2009 7:48 pm
Location: Co. Durham, England
Name: Steven Clark

Re: Hashing password to compare with database

Post by Steve »

Your web browser/phone can store passwords that allow multiple logins via the website..., I see no business here other than to try and work out how to exploit the password system. ?
@ The Chief Medical Officers guideline for men is that: You are safest not to drink regularly more than 14 units per week.
- I drank that today++ :lol: 🍺
Cjk75
Registered User
Posts: 17
Joined: Mon Oct 14, 2024 4:16 am

Re: Hashing password to compare with database

Post by Cjk75 »

Steve wrote: Sun Jan 26, 2025 5:37 pm Your web browser/phone can store passwords that allow multiple logins via the website..., I see no business here other than to try and work out how to exploit the password system. ?
Then the user has to have multiple passwords on my site. That isn't useful at all for them.

Forums at http://goelombardy.com/phpBB3
When i enable the ability to rate and add comments on the main site i want them to be logged in to avoid trolls. But i would rather have the main site have a login that doesn't redirect to the forums. That isn't seamless and would be poor web design on my part. I want the main site and forums to mesh better than 2 logins.
User avatar
Steve
Registered User
Posts: 1620
Joined: Tue Apr 07, 2009 7:48 pm
Location: Co. Durham, England
Name: Steven Clark

Re: Hashing password to compare with database

Post by Steve »

Use an extension that allow's third party logins. look here: https://www.phpbb.com/customise/db/
@ The Chief Medical Officers guideline for men is that: You are safest not to drink regularly more than 14 units per week.
- I drank that today++ :lol: 🍺
Cjk75
Registered User
Posts: 17
Joined: Mon Oct 14, 2024 4:16 am

Re: Hashing password to compare with database

Post by Cjk75 »

Steve wrote: Sun Jan 26, 2025 6:57 pm Use an extension that allow's third party logins. look here: https://www.phpbb.com/customise/db/
I see the plugin for handing third party oauth requests but that doesn't allow users on the main site to use the forum username and pass to login.
User avatar
Steve
Registered User
Posts: 1620
Joined: Tue Apr 07, 2009 7:48 pm
Location: Co. Durham, England
Name: Steven Clark

Re: Hashing password to compare with database

Post by Steve »

Having the ability to remember your name and passwords, is down to the individual accessing the website, not yours.
@ The Chief Medical Officers guideline for men is that: You are safest not to drink regularly more than 14 units per week.
- I drank that today++ :lol: 🍺
Cjk75
Registered User
Posts: 17
Joined: Mon Oct 14, 2024 4:16 am

Re: Hashing password to compare with database

Post by Cjk75 »

Steve wrote: Sun Jan 26, 2025 8:54 pm Having the ability to remember your name and passwords, is down to the individual accessing the website, not yours.
It is also the webmaster's headache and poor coding to force the user to use 2 sets of credentials for 1 site.
User avatar
Steve
Registered User
Posts: 1620
Joined: Tue Apr 07, 2009 7:48 pm
Location: Co. Durham, England
Name: Steven Clark

Re: Hashing password to compare with database

Post by Steve »

So offer alternative logins via extension validated via phpbb.
@ The Chief Medical Officers guideline for men is that: You are safest not to drink regularly more than 14 units per week.
- I drank that today++ :lol: 🍺
Cjk75
Registered User
Posts: 17
Joined: Mon Oct 14, 2024 4:16 am

Re: Hashing password to compare with database

Post by Cjk75 »

Steve wrote: Sun Jan 26, 2025 9:47 pm So offer alternative logins via extension validated via phpbb.
We're going in circles... That helps with those who use google or discord but not the username and password method in the forums.
User avatar
Steve
Registered User
Posts: 1620
Joined: Tue Apr 07, 2009 7:48 pm
Location: Co. Durham, England
Name: Steven Clark

Re: Hashing password to compare with database

Post by Steve »

Cjk75 wrote: Sun Jan 26, 2025 9:57 pm
Steve wrote: Sun Jan 26, 2025 9:47 pm So offer alternative logins via extension validated via phpbb.
We're going in circles... That helps with those who use google or discord but not the username and password method in the forums.
It's you that is pursuing the method of detection for passwords, not me...
@ The Chief Medical Officers guideline for men is that: You are safest not to drink regularly more than 14 units per week.
- I drank that today++ :lol: 🍺
Cjk75
Registered User
Posts: 17
Joined: Mon Oct 14, 2024 4:16 am

Re: Hashing password to compare with database

Post by Cjk75 »

Steve wrote: Sun Jan 26, 2025 10:01 pm
Cjk75 wrote: Sun Jan 26, 2025 9:57 pm

We're going in circles... That helps with those who use google or discord but not the username and password method in the forums.
It's you that is pursuing the method of detection for passwords, not me...
Then you don't get what I'm trying to do then... Never mind.
User avatar
Steve
Registered User
Posts: 1620
Joined: Tue Apr 07, 2009 7:48 pm
Location: Co. Durham, England
Name: Steven Clark

Re: Hashing password to compare with database

Post by Steve »

So solved?
Re: Hashing password to compare with database
@ The Chief Medical Officers guideline for men is that: You are safest not to drink regularly more than 14 units per week.
- I drank that today++ :lol: 🍺
Cjk75
Registered User
Posts: 17
Joined: Mon Oct 14, 2024 4:16 am

Re: Hashing password to compare with database

Post by Cjk75 »

Steve wrote: Sun Jan 26, 2025 10:08 pm So solved?
Re: Hashing password to compare with database
No it isn't. You seem to think im trying to hack or unhash a password. I want to use the same hash method so i can see if a user entered password matches the value in the database. How is that nefarious?

Return to “phpBB Custom Coding”