Forums | Mahara Community

Support /
sha1 and salt - current password method


anonymous profile picture
Account deleted
Posts: 5

19 September 2012, 9:14

Hi all,

I'm looking to create an installer for mahara, and I'm trying to figure out the method of password generation. I see that the method has changed, and not yet sure what the new method is.

What I'm hoping to do, is by-pass the salt if possible for admin?(temp measure)

if not, then the exact calculation used, (not via php) but via mysql SQL statement.

can anyone provide it please?

 

anonymous profile picture
Account deleted
Posts: 5

19 September 2012, 12:29

UPDATE usr SET password = SHA1(CONCAT($salt 'password')) WHERE id=1;

$salt, being the sat field in the usr table.

 

but this doesn't produce the same ascii characters in the password field..

I am trying to figure it out, but can't seem to find the info on your website.

any help would be appreciated.

anonymous profile picture
Account deleted
Posts: 5

28 September 2012, 15:56

no one is able to help?

not even point me to the right direction?

at all? for a simple understanding of the password encryption that's used?

A post by Account deleted was deleted

anonymous profile picture
Account deleted
Posts: 197

28 September 2012, 21:41

William,

There are instructions on the wiki.

Thanks,
Melissa.

anonymous profile picture
Account deleted
Posts: 5

28 September 2012, 23:15

Hello Melissa!

Thank you so much for your time and effort.

I actually do use that script for my NSIS installer,

but i was hoping someone could provide me the WAY it is created using SQL?

I need to change the password, based upon a variable that isn't in PHP. its NSIS.

any help would be greatly appreciated.

namaste

A post by Account deleted was deleted

Iñaki Arenaza's profile picture
Posts: 253

02 October 2012, 17:15

I don't know if it's doable in SQL. The new method (see change_password() and encrypt_password() in auth/internal/lib.php use SHA512 or bcrypt plus different salt lengths depending on the hashing/encryption algorigthm.

Saludos.
Iñaki.

anonymous profile picture
Account deleted
Posts: 5

02 October 2012, 19:25

hmmm i'm sure its doable in sql, but don't know how yet. I'm not a php guy. Are you able show me how you would change the password of admin  with that  url? like http://myplace.com/lib.php?username=admin?password=xxx.

that kind of url? i'll be able to put it into my NSIS script.

 

Thanks!

Namaste

9 results