[pmwiki-users] DBAuth addition to AuthUser.php . . .

Benjamin Wilson ameen at dausha.net
Wed Jul 20 19:08:00 CDT 2005


Patrick R. Michaud wrote:
> On Sun, Jul 17, 2005 at 03:34:17PM -0500, Benjamin Wilson wrote:
> 
>>I have posted _a_ database tie-in for Authuser. The code is pretty ugly,
>>but it allowed me to tie into the database.
> 
> 
> Cool!  I'm going to see about adapting it into authuser.php directly.
> 
> 
>>Also, the database I was connecting to was using sha1() to encrypt the
>>passwords in the database. I had to add code to Authuser to make that
>>work. Specifically, after Authuser checks crypt() to see if the password
>>is valid, it checks for sha1() via an elseif block.
> 
> 
> Authuser.php has a _crypt() function that is supposed to 
> understand SHA1 encryption as long as the encrypted password 
> begins with '{SHA}'.  Are the encrypted passwords in the database 
> not stored with a '{SHA}' prefix...?  (It's no problem if they 
> aren't -- I just wanted to check.)

Database stores as char (32, I think). The only reason I realized they 
were using sha1() is when I tried md5() and got an odd response then 
went snooping through their code. The encryption is otherwise raw.

I didn't use _crypt() because it didn't work--but now I know why. I 
figured the easiest-enough way is to set up a case-statement and run 
through the realm of encryption from most probable to least--the most 
probable being PmWiki's internally preferred mechanism. Then, you don't 
need to do anything special to detect.

Ben
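
The password-format check discussed in this thread, as an added example that is not part of the original messages and is not PmWiki's own code: a verifier that picks the algorithm from the stored value's format (a `{SHA}` prefix, a bare hex digest, or a crypt() string) and compares in constant time. The function name `verify_stored_password` and the sample records are hypothetical; a hex SHA-1 digest is 40 characters and a hex MD5 digest is 32.

```php
<?php
// Added example: hypothetical helper, not code from PmWiki's authuser.php.
// Returns the name of the scheme that matched, or false if the password is wrong.
function verify_stored_password($plain, $stored)
{
    // LDAP-style "{SHA}" prefix: base64 of the raw 20-byte SHA-1 digest.
    if (strncasecmp($stored, '{SHA}', 5) === 0) {
        $expected = base64_encode(sha1($plain, true));
        return hash_equals(substr($stored, 5), $expected) ? 'sha-prefixed' : false;
    }
    // Bare hex digests carry no marker, so the length identifies the algorithm.
    if (preg_match('/^[0-9a-fA-F]{40}$/', $stored)) {
        return hash_equals(strtolower($stored), sha1($plain)) ? 'sha1-hex' : false;
    }
    if (preg_match('/^[0-9a-fA-F]{32}$/', $stored)) {
        return hash_equals(strtolower($stored), md5($plain)) ? 'md5-hex' : false;
    }
    // Anything else is treated as a crypt() string, which embeds its own
    // salt and algorithm marker. 13 characters is the shortest valid form.
    if (strlen($stored) < 13) {
        return false;
    }
    $computed = crypt($plain, $stored);
    return (is_string($computed) && hash_equals($stored, $computed)) ? 'crypt' : false;
}

// Constructed sample records: the password "secret" in each stored format.
$samples = [
    '{SHA}' . base64_encode(sha1('secret', true)),
    sha1('secret'),
    md5('secret'),
    crypt('secret', '$1$abcdefgh$'),
];
foreach ($samples as $stored) {
    var_dump(verify_stored_password('secret', $stored));  // matching password
    var_dump(verify_stored_password('wrong', $stored));   // non-matching password
}
```

Returning the scheme name lets the caller log which accounts still rely on unsalted digests.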




