[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[jfw] Re: Issue with Joomla\Crypt\Password\Simple

Hi Michael,

Thanks for the answer!
Do you mean using the native PHP hash functions: http://php.net/manual/en/function.password-hash.php

This certainly can be a solution, but, since it's a PHP core function, couldn't it be integrated inside the Joomla! Framework library?

Currently the Simple.php performs the following:

case PasswordInterface::JOOMLA:
   $salt = $this->getSalt(32);
   return md5($password . $salt) . ':' . $salt;

Can't the class be updated so to use password_hash() instead?

Il giorno giovedì 22 settembre 2016 10:52:01 UTC+2, Elena Cenacchi ha scritto:

I am crypting user passwords, before storing them in the database using the following code in my Model:

use Joomla\Crypt\Password\Simple;

$this->simplepw=new Simple();       

Anyhow, I notice that often the password is generated in a wrong format: the string contains invalid characters like . / ecc... If I repeat the procedure one or two times, then finally the password is generated in the correct format, and everything works.
A practical example: let's say I want to store the "test" password:

1st trial stores: 44a561c12a9d6a1279058e2a5e337648:z8k6H3pccyCeso0VJgntlpjs/g2S9OXq
2ns trial stores: f084288fddba112578d2f6d9a37cee0f:cB609FIrfx3E0R8lGp65WNi.4FYuYf8/
3rd trial stores: b41d97a35f4ed1015ca93738410098c5:JrjTpJk.xncGGf8.Anoaory4LQpQSQRN
4th trial stores: 563e29fa45b0b5dd2cd1afda6172eba4:XjLZyV9gIC9ZjfRLBD26artyANnsxKGD
(and this is valid)

The behavior is random, some time the 1st trial is ok, some others it takes more shots (usually < 5).

Do you have any hint about why this happens?


Framework source code: https://github.com/joomla-framework
Visit http://developer.joomla.org for more information about developing with Joomla!
You received this message because you are subscribed to the Google Groups "Joomla! Framework Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-framework+unsubscribe AT googlegroups.com.
Visit this group at https://groups.google.com/group/joomla-dev-framework.