We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Password Encryption | Forum

Topic location: Forum home » Support » General Questions
Keelan Leader
Keelan Nov 13 '11
What encryption does Oxwall use for user passwords i know it uses the salt but what else? I am planning to bridge two databases for another table i use for something else. 
Den Team
Den Nov 14 '11
It adds a salt to user's password. After that it encrypts the result with sha256 encryption. 
The Forum post is edited by Den Nov 14 '11
Keelan Leader
Keelan Nov 14 '11
Does it take into account the username? I think my other database does the same but takes into account the username which will suck ha.
Den Team
Den Nov 14 '11
You mean does it encrypts username? No, it isn't :)
Stephna
Stephna Aug 10 '15

0down votefavorite

I have tried it but doesnt reflect properly. Someone please help me...

This is my salt value from config.php

define('OW_PASSWORD_SALT', 'xEHNxiEXdz7GK');

When i enter the password as 31121993Aa from signing up it generates

82416b9973e6fc2279f8e2c54eae6c0d555eae5ad1760985ce1a65b1139c0320

But when I create a custom sign up page which inserts data into this table and I use the same password i.e 31121993Aa and I get

db57e80826fd86d6b00aebf21b34d1c382e123d17a02a1d008ced708af81441e

when i use this code in my php

$username=$_POST['username']; $password=$_POST['password']; $salt = 'xEHNxiEXdz7GK'; $pass = "password"; $hashit = hash('sha256',$salt.$pass); $password1=$_POST['password1']; mysql_query("INSERT INTO oxwa_base_user(username,password,password1,email)VALUES('$username','$hashit','$password1','$mail')");

Please help me....

Taissa Team
Taissa Aug 11 '15
Stephna, please click this link to see the answer: http://www.oxwall.org/forum/topic/13705?page=1#post-156994. Don't duplicate your questions.
The Forum post is edited by Taissa Aug 11 '15
Michael
Michael Jun 28 '16
So we gotta go thru all that just to reset a users password for them.......seems like there should be an option for admins to do this.....
dave Leader
dave Jun 28 '16
no because there is a think called forgot password and they should use it, admin should never have to reset a password.. if that is the case then that persons email is not correct or has never been verified.  make them use the forgot pw link, that is what its there for. 
OW-Ghost
OW-Ghost Jun 29 '16
i was use a plugin in oxwall store for this...i could change passwords for my members but with 1.8.3 that plugin not works anymore and the developer did hide in some cave and waiting for him come back again