I need to access the joomla user table jos_users for login checking from external php script [codeignitor].
joomla storing password like this
4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT
Looks like this is not the normal MD5 ,so i cannot use md5(password) .
what is the possible way to create the password ?
Thank you.
Answer
Joomla passwords are MD5 hashed, but the passwords are salted before being hashed.
They are stored in the database as {hash}:{salt} this salt is a random string 32 characters in length.
So to create a new password hash you would do md5($password.$salt)
EDIT
Okay so for checking a password, say a user myguy enters the password mypassword, you would retrieve the row from the database that has username myguy.
In this row you'll find a password say 4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT.
You split up the password hash and the salt:
$hashparts = preg_split (':' , $dbpassword);
echo $hashparts[0]; //this is the hash 4e9e4bcc5752d6f939aedb42408fd3aa
echo $hashparts[1]; //this is the salt 0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT
now calculate the hash using this salt and the password myguy entered
$userhash = md5($userpassword.$hashparts[1]); // This would be 'mypassword' and the salt used in the original hash
Now if this $userhash and $hashparts[0] are identical the user has entered the correct password.