It adds a salt to user's password. After that it encrypts the result with sha256 encryption. 

Does it take into account the username? I think my other database does the same but takes into account the username which will suck ha.

You mean does it encrypts username? No, it isn't :)

0down votefavorite

I have tried it but doesnt reflect properly. Someone please help me...

This is my salt value from config.php

define('OW_PASSWORD_SALT', 'xEHNxiEXdz7GK');

When i enter the password as 31121993Aa from signing up it generates

82416b9973e6fc2279f8e2c54eae6c0d555eae5ad1760985ce1a65b1139c0320

But when I create a custom sign up page which inserts data into this table and I use the same password i.e 31121993Aa and I get

db57e80826fd86d6b00aebf21b34d1c382e123d17a02a1d008ced708af81441e

when i use this code in my php

$username=$_POST['username']; $password=$_POST['password']; $salt = 'xEHNxiEXdz7GK'; $pass = "password"; $hashit = hash('sha256',$salt.$pass); $password1=$_POST['password1']; mysql_query("INSERT INTO oxwa_base_user(username,password,password1,email)VALUES('$username','$hashit','$password1','$mail')");

Please help me....

Stephna, please click this link to see the answer: http://www.oxwall.org/forum/topic/13705?page=1#post-156994. Don't duplicate your questions.

So we gotta go thru all that just to reset a users password for them.......seems like there should be an option for admins to do this.....

no because there is a think called forgot password and they should use it, admin should never have to reset a password.. if that is the case then that persons email is not correct or has never been verified.  make them use the forgot pw link, that is what its there for. 

i was use a plugin in oxwall store for this...i could change passwords for my members but with 1.8.3 that plugin not works anymore and the developer did hide in some cave and waiting for him come back again