[pmwiki-users] DBAuth addition to AuthUser.php . . .
Benjamin Wilson
ameen at dausha.net
Wed Jul 20 19:08:00 CDT 2005
Patrick R. Michaud wrote:
> On Sun, Jul 17, 2005 at 03:34:17PM -0500, Benjamin Wilson wrote:
>
>>I have posted _a_ database tie-in for Authuser. The code is pretty ugly,
>>but it allowed me to tie into the database.
>
>
> Cool! I'm going to see about adapting it into authuser.php directly.
>
>
>>Also, the database I was connecting to was using sha1() to encrypt the
>>passwords in the database. I had to add code to Authuser to make that
>>work. Specifically, after Authuser checks crypt() to see if the password
>>is valid, it checks for sha1() via an elseif block.
>
>
> Authuser.php has a _crypt() function that is supposed to
> understand SHA1 encryption as long as the encrypted password
> begins with '{SHA}'. Are the encrypted passwords in the database
> not stored with a '{SHA}' prefix...? (It's no problem if they
> aren't -- I just wanted to check.)
Database stores as char (32, I think). The only reason I realized they
were using sha1() is when I tried md5() and got an odd response then
went snooping through their code. The encryption is otherwise raw.
I didn't use _crypt() because it didn't work--but now I know why. I
figured the easiest-enough way is to set up a case-statement and run
through the realm of encryption from most probable to least--the most
probable being PmWiki's internally prefered mechanism. Then, you don't
need to do anything special to detect.
Ben
More information about the pmwiki-users
mailing list