I can't find out how Joomla encrypted passwords. My problem is that i want to make the exact method as Jommla does in a simple php page with a form and without any OOP method.
So this is my input as a password:
test
and this is my output as an ancrypted password in Joomla database:
$2y$10$XXrVok3/3Otqg6FmqFzUmObA.rLpLt.BswwSJ7d.iCPoGSJtcqSvm
I found out that it is maybe in connection with the BLOWFISH encrytion, but it needs something else (for example: generated salt or a token in the database which i couldn't find)
Joomla! uses PhPass.
root/libraries/phpass/PasswordHash.php
have a look here. you will see here how the password is generating.
The $2y is the default (and preferred) prefix on bcrypt hashes. As for code, you'll want to look inside JUserHelper's hashPassword and verifyPassword methods to see how Joomla's working with things right now.
Some Referances -
https://github.com/joomla/joomla-cms/blob/3.4.1/libraries/joomla/user/helper.php#L296-L387
https://docs.joomla.org/API15:JUserHelper/getCryptedPassword
https://docs.joomla.org/API15:JUserHelper/getSalt
Check the links, I hope you it will help you ;)
Hi the encryption is made by the class named 'PasswordHash.php' that in joomla is located under libraries/phpass.
If you want to use in a php script out of joomla framework you can import only this class.
This is a exhample:
<?php
require 'PasswordHash.php';
header('Content-type: text/plain');
$t_hasher = new PasswordHash(10, TRUE);
$correct = 'test';
$hash = $t_hasher->HashPassword($correct);
print 'Hash: ' . $hash . "\n";
//Get password to check from get variable
$p=$_GET['p'];
//check if is correct
$check = $t_hasher->CheckPassword($p, $hash);
if ($check){
print 'CORRECT PASSWORD';
}
else {
print 'WRONG PASSWORD';
}
?>
Then you call this script with yourcriptname.php?p=PASSWORDTOCHECK.
Here you can find the documentation of the class http://www.openwall.com/phpass/
Thank you your reply
I use your code in my page with a form but the output ($hash) is not the same that i want
<?php
require 'PasswordHash.php';
if(isset($_POST['send'])) {
$t_hasher = new PasswordHash(10, TRUE);
$correct = $_POST['pass'];
$hash = $t_hasher->HashPassword($correct);
print 'Hash: ' . $hash . "\n";
}
?>
<form action="" method="post">
<input type="text" name="pass">
<input type="submit" name="send" value="send">
</form>
this is my code and the class is in the root directory so it works fine.
So the output is always different, This hash might stored somewhere in the code or in the database to generate this ($2y$10$XXrVok3/3Otqg6FmqFzUmObA.rLpLt.BswwSJ7d.iCPoGSJtcqSvm) password
Related
Welcome to use the WordPress template developer allows the addition of servers to watch movies I have some problems are when you add a server and update the article is updated but returns the right empty or not added and then when you delete the server is not deleted I checked the error record and this is the result
[21-Sep-2018 10:42:50 UTC] PHP Warning: array_combine() expects parameter 2 to be array, boolean given in /home3/mysite/public_html/wp-content/themes/movie/functions.php on line 154
File functions.php
https://3bdo.info/functions.zip
The linked zip file seams to be broken so I cannot extract the file.
But in general the error message says, that you have to use two arrays to call array_combine. You seam to try to combine an array (which is like a list) and a boolean (which is like yes/no). And that is not possible.
$android_servers_title2 = servers_get_meta( 'android_download_server_title' );
$android_servers_code2 = servers_get_meta( 'android_download_server_link' );
/* foreach($servers_title as $server_title)
{
echo "<label for='servers_server_title'>Server Title</label>";
echo " <br><input type='text' name='servers_server_title[]' id='servers_server_title' value='" . $server_title . "'><br>";
} */
if($android_servers_title2){
$android_arraye2 = array_combine($android_servers_title2, $android_servers_code2);
}else {
$android_arraye2 = false;
}
This is basically your problem. servers_get_meta is returning 'false' I would imagine. Check that 'android_download_server_link' is set. you may wish to change the if statement code to detect a false
if($android_servers_title2 && $android_servers_code2){
I created a plugin in wordpress to display earnings by using a shortcode.The details to display while using shortcode are stored in another database.I used direct database connection in plugin to fetch details from the that database.I used the following code
function earnings_shortcode($atts, $content, $tag)
{ //echo $atts[0];echo '<br>';
$str=base64_encode(1);
base64_decode($str);
$length = 4;
$res = trim(preg_replace("/[^0-9]/", "", $atts[0]));
$mydb1 = new wpdb('root','','db_test','localhost');
$rows = $mydb1->get_row("SELECT total,paydate FROM `tbl_shotcode` WHERE userid = $res", ARRAY_A);
echo "Payout on -" .$rows['paydate']; echo '<br/>';
echo "Total for next Pay Period:-" .$rows['total'];
}
Is there any better option to access another database inside a plugin with out hard coding the username and password.please suggest a solution.
No, you have to access the database and be authenticated to do queries. You can't get into a properly configured database without login in.
You can, however, make your $mydb1 variable global and define it at the top of your file (or in your constructor class) to be accessed by all your functions. I recommend putting it in a class to manage it more easily.
I am working on a bitrix site. A form was created linking into an information block that has a sorting of 100.
<? echo print_input($arParams, $arResult, 100) ;?>
I wanted to use the default user data like name, last name, email etc. of the current log user. How do I approach that?
Any help would much be appreciated.
On every page - $USER object is available - it contains information about current logged in user.
Contains this methods to retrieve info about current user:
GetID
GetLogin
GetEmail
GetFullName
GetFirstName
GetLastName
GetParam
GetUserGroupArray
GetUserGroupList
GetUserGroupString
Or you can use it like this
<?php
global $USER;
$rsUser = CUser::GetByID($USER->GetID());
$arUser = $rsUser->Fetch();
// print current user info
echo "<pre>"; print_r($arUser); echo "</pre>";
?>
here is more info about CUser class in official documentation (Russian)
I am about to import about 10,000 users to my Wordpress site from another CMS. Problem is, none of their passwords are going to work because they are not encrypted.
How do I encrypt all of these passwords quickly and in a way that Wordpress will recognize and accept so that users can login?
As encryption and hashing are different stuff, I assume all these passwords are in plain text format. In this case, all you have to do is to apply the md5 algorithm on them.
You can do it from a SQL or a PHP importing script. Take a look at the Resetting Your Password Codex page, and that should give you some light.
Anyway, you won't go too far from:
require_once( ABSPATH . WPINC . '/registration.php');
$sql = "SELECT ALL USERS FROM YOUR TABLE";
$db = new wpdb (DB_USER, DB_PASSWORD, DB_NAME, DB_HOST);
$result = $db->get_results($sql);
foreach ($result as as $r) {
wp_update_user(array(
'user_login' => $r->username,
'user_pass' => $r->password,
'user_firstname' => $r->first_name
));
}
Take a look on the get_userdata function documentation to see what user info you can import at first moment.
As it turns out, I found a couple of other ways to do this. One is done through your mysql phpmyadmin area (on the "sql" tab once you've selected the right database) and was posted by Andrew Vit on another thread within stackoverflow:
UPDATE wp_users SET user_pass = MD5(user_pass) WHERE ...
for the "where" condition, if all your passwords are the same length, you might use the following condition:
WHERE CHAR_LENGTH(wp_users.user_pass) = 12
Of course, if your password length is different, simply change the "12" above to whatever the length of your passwords is. If they are NOT the same character length then you'll have to use some other criteria for determining which passwords to encrypt (unless they ALL need to be encrypted, in which case you can leave the "where" condition off entirely.
I personally ended up using a php script to do the work, so that the passwords could be encrypted by Wordpress itself (or at least using the method that Wordpress uses). Here are the contents of my php file:
<?php
require_once '/home/evaluate/public_html/members-blog/wp-config.php';
$sql="SELECT user_pass,ID FROM wp_users WHERE CHAR_LENGTH(wp_users.user_pass) = 12";
$find = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_array($find))
{
$current_password = $row['user_pass'];
$current_id = $row['ID'];
$hashed_password = wp_hash_password( $current_password );
$update_sql= "UPDATE wp_users SET user_pass = '" . $hashed_password . "' WHERE ID = " . $current_id . "";
$update = mysql_query($update_sql) or die(mysql_error());
echo $current_id . " " . $hashed_password;
echo "<br />";
}
?>
Done this way, not only are the passwords encrypted using Wordpress' own method, but, you also get a printout on your screen each time you run the script, showing you the ID of all the records that were updated and providing the corresponding hashed password.
I'm trying to get the avatar (profile picture) located in the $profile array to appear in a BLOCK. The variable $profile is not accessible from blocks. It's scope is only in that actual user-profile.tpl.php file. So... does anybody know how I can execute something like this:
print $profile[user_picture];
in a drupal BLOCK?
I figured i might as well post it here as well. See my second comment on the first thread in this discussion. Below is my code I used with INSERT VIEW to get what I wanted:
<?php
$profileUser = "";
if (arg(0) == "user") {
$profileUser = arg(1);
}
// removed some other checks i do to populate $profileUser
?>
[view:VIEWED_PROFILE_AVATAR=block=<?php print $profileUser; ?>]
I hope that helps someone.
You can try using the following code in a new block (admin/build/block/add):
<?php
global $user;
$output = theme_image($user->picture, $alt = 'user pic', $title = 'user pic');
print $output;
This gives you access to the global $user variable and then you can use the picture property to get the URL for the current users profile picture.