We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

what is the password encryption used on oxwall | Forum

Topic location: Forum home » Development » Custom Code Modifications
Damien
Damien Aug 11 '13

hello

Excuse my English, I'm French.

I want to transfer my old site into cms oxwall

only encrypt passwords on my old site is MD5.

I want to know if it is possible to know the files to modify to change the encryption of passwords oxwall?

If not, is it possible to know the encryption used on oxwall because it seems to be SHA256, but after checking it's not that.


Thank you in advance for your answers.

#1
Mohammad
Mohammad Aug 11 '13
Hi Damien 

Oxwall uses SHA1

I had this problem with none Oxwall sites that want to move to Oxwall

The easiest option is as you are transferring your members, change their password and  send them an email 

I wrote a script for transferring users from Sharetronix to Oxwall (you can see how I did this)

I think it's possible to change Oxwall encrypt password but you certainly face a problem later


#2
dave Leader
dave Aug 11 '13

When i xfered here is how i did it

 

$salt = 'your config salt value here';

$pass = "password";

$hashit = hash('sha256', $salt . $pass);

 

echo $hashit;

 

i made the same pw for everyone and then had them use the reset (forgot) pw to reset it.

#3
Mohammad
Mohammad Aug 11 '13
Quote from Larry Backstrom I think SHA1 is used for templates. Here is the user_service function: public function hashPassword( $password )     {         return hash('sha256', OW_PASSWORD_SALT . $password);     }

Sorry for wrong information

I get it wrong with sth else
my bad

#4
Damien
Damien Aug 12 '13

Thank you so much everyone!

Where is the file with the hash function?


Cause me with SHA256 it does not work!

example:


my password is: azerty

in my database I found my encrypted password : 

6da3aaa06cdb4d027c845c6795b8f5c43dcb30ec24c50333939d4fde1d39cd17


And if I do this:

$salt = "oxwall_salt_SK750"; (original value unchanged)

$pass = "azerty";

$hashit = hash('sha256', $salt . $pass);

 

echo $hashit; = b083a3a0387a421f0df538da90e2f517c477901856b052daab33e7683ae26a5a


I tried everything, I never come to get the same encryption as my database.

The Forum post is edited by Damien Aug 12 '13
#5
dave Leader
dave Aug 12 '13
Its because your salt value is not valid, that to me does not look like a valid salt value.  Look in your ow_includes/config.php  and get the salt value from there and you will get the same hash result you need.
The Forum post is edited by dave Aug 12 '13
#6
Damien
Damien Aug 12 '13

This is what I have in my config.php :


define('OW_PASSWORD_SALT', 'oxwall_salt_SK750');
#7
dave Leader
dave Aug 12 '13

Strange the only ones i have ever seen are alphanumeric like this

define('OW_PASSWORD_SALT', '997792e687f43');

 

 

have you installed this yet, this is from an installed script right?

 

#8
dave Leader
dave Aug 12 '13
check out,  ow_system_plugins/base/bol/user_service.php  line 810
#9
Damien
Damien Aug 12 '13

I'm sorry, I'm an idiot!

I had not looked at the right file.

Now it works. 1000 thank you!

I would never have done it without your help

#10
Stephna
Stephna Aug 10 '15
I have tried it but doesnt reflect properly.  Someone please help me...


This is my salt value from config.php define('OW_PASSWORD_SALT', 'xEHNxiEXdz7GK');


When i enter the password as 31121993Aa from signing up it generates 82416b9973e6fc2279f8e2c54eae6c0d555eae5ad1760985ce1a65b1139c0320 


But when I create a custom sign up page which inserts data into this table and I use the same password i.e 31121993Aa and I get db57e80826fd86d6b00aebf21b34d1c382e123d17a02a1d008ced708af81441e when i use this code in my php


$username=$_POST['username'];$password=$_POST['password'];$salt = 'xEHNxiEXdz7GK';$pass = "password";$hashit = hash('sha256',$salt.$pass);$password1=$_POST['password1'];mysql_query("INSERT INTO oxwa_base_user(username,password,password1,email)VALUES('$username','$hashit','$password1','$mail')");




Please help me....

#11
Aliya Team
Aliya Aug 25 '15

What are the $pass and password1 in your code for ?


$username=$_POST['username'];

$password=$_POST['password'];

$salt = 'xEHNxiEXdz7GK';

$pass = "password";

$hashit = hash('sha256',$salt.$pass);

$password1=$_POST['password1'];


mysql_query("INSERT INTO oxwa_base_user(username,password,password1,email)VALUES('$username','$hashit','$password1','$mail')");



#12
kalvindarwan
kalvindarwan Dec 21 '23
We’re friendly! Our crew is always happy to help, no matter what the problem is San Diego Concrete Driveway Company
#13
mobix46952
mobix46952 Dec 26 '23
Create a cozy ambiance with our Soy Candles, a perfect harmony of elegance and eco-friendliness. Our collection boasts a variety of scents, each hand-poured by skilled artisans. Visit us to discover the soothing glow and captivating fragrances that only soy candles can provide.
#14
James Walter
James Walter Jan 2
We understand that the smooth operation of your trailer is essential to the success of your business, which is why we work quickly and efficiently to get your trailer back on the road as soon as possible. Homestead On-Site Truck Repair
#15
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software