Thanks for the answer!
Do you mean using the native PHP hash functions: http://php.net/manual/en/function.password-hash.php
This certainly can be a solution, but, since it's a PHP core function, couldn't it be integrated inside the Joomla! Framework library?
Currently the Simple.php performs the following:
$salt = $this->getSalt(32);
return md5($password . $salt) . ':' . $salt;
Can't the class be updated so to use password_hash() instead?
Il giorno giovedì 22 settembre 2016 10:52:01 UTC+2, Elena Cenacchi ha scritto:
I am crypting user passwords, before storing them in the database using the following code in my Model:
Anyhow, I notice that often the password is generated in a wrong format: the string contains invalid characters like . / ecc... If I repeat the procedure one or two times, then finally the password is generated in the correct format, and everything works.
A practical example: let's say I want to store the "test" password:
1st trial stores: 44a561c12a9d6a1279058e2a5e337648:z8k6H3pccyCeso0VJgntlpjs/g2S9OXq
2ns trial stores: f084288fddba112578d2f6d9a37cee0f:cB609FIrfx3E0R8lGp65WNi.4FYuYf8/
3rd trial stores: b41d97a35f4ed1015ca93738410098c5:JrjTpJk.xncGGf8.Anoaory4LQpQSQRN
4th trial stores: 563e29fa45b0b5dd2cd1afda6172eba4:XjLZyV9gIC9ZjfRLBD26artyANnsxKGD
(and this is valid)
The behavior is random, some time the 1st trial is ok, some others it takes more shots (usually < 5).
Do you have any hint about why this happens?