Search the Community
Showing results for tags 'hash'.
-
Hi everyone, i want to create a user on the fly with sso, i recieve the password already hashed and want to save the user without having the password hashed by processwire afterwards. so far i could leave it rehashed in the database as long as the customer does not want to allow the users to use the direct loginmask. but if that changes, i would be in trouble. so is there a processwire way to do this or do i have to put the user in manually. i know we will have someone intelligent helping me out here
- 5 replies
-
- usercreation
- api
-
(and 2 more)
Tagged with:
-
Hello, I'm learning about password management/security in order to synchronize logins between PW users and Foxycart. In Foxycart I need to choose the password hash type I'm using. In my installation of PW wire->config.php shows: $config->userAuthHashType = 'sha1'; But in the post https://processwire.com/talk/topic/2954-password-hashing/ Ryan says: I'm using 2.4.4 version. As the server which PW shows blowfish is available I understand PW is using it. Foxycart doesn´t list this hash algorithm available. So, where should I change the hash method in wire->config? but it is overriden if blowfish is available in the server anyway? I'm a bit lost here , any direction / help would be appreciated.
-
Im working on a sort of "friend request" script for a front end user profile. the user template has the following extra fields of the type Page friend_invite_in friend_invite_out friend_confirmed There will be a ajax post containing the username when pressing a button to send a friend request. Lets say user "A" does a request for user "B" to become friends. The ajax script should handle the post and add the foloowing page references: User "A" will receive a page reference to user "B" in the friend_invite_out field. User "B" will receive a page reference to user "A" in the friend_invite_in field. Then user "B" can confirm, so that the page references are moved in the following manner: User "A" page reference to user "B" will be moved from friend_invite_out field to friend_confirmed field User "B" page reference to user "A" will be moved from friend_invite_in field to friend_confirmed field This i kinda the logic behind the whole process. But to prevent sending clear usernames i would like to have a md5 hash in my HTML/jQuery code. This is no problem to do with PHP. But how would i make a selector that can handle this md5 hash and get the right user? // this does not work! $md5 = $this->input->post->userid; $u = $this->users->get("MD5(name)=$md5"); In MySQL it the query would be something like this (havent tested it) SELECT * FROM users WHERE MD5(name)=$md5
-
Error: Unable to Generate Hash when trying to login into Admin
sam posted a topic in General Support
Hi, I'm new to Processwire and I have to say that after reading through your forum and some of your tutorials I have taken the plunge and installed PW and quite like the CMF/CMS that you have developed and congratulate you and your communities efforts to date. I have come up against a problem when trying to develop between multiple environments i.e. dev, staging, production. The problem I am facing is that after doing and ProcessWire 2.2.13 installation (without problems) on my dev environment and then I move the site to staging or another developers environment, when I try to login to the Administration area I get a error "Unable to generate password hash". I have tried to empty cache, both browser and physical files and still get the error message and I can't login to the control panel. My Staging environments is running Apache 2 and PHP 5.2.17 (can't upgrade to 5.3 or 5.4 due to another cms legacy issue) and my Dev environment runs on MAMP 2.0 with Apache 2 and PHP 5.2.17 also. I have checked AMP logs and can't see anything out of the ordinary there. Just wondering if I'm missing anything. Any help would be greatly appreciated. Cheers Sambo. -
Hey guys, I'm really new to Processwire, found it like two days ago but already love it I just had a look at the wire folder and came across the userAuthHashType in config.php. This is set to sha1 which is not too secure, it would be good to use a different hashing method. If I'm right version 2.4 (?) will make use of all these nice PHP 5.3+ features, as well as Composer. PHP 5.4 will fight bad password hashing providing a password_hash() function, until then it might be good to use the ircmaxell/password_compat library. What do you think?
-
Hey, I've searched for a while but with no results and I am anxious to get this done. I want to create a user password change script that changes the password to do this the user needs to fill in her/his old password. No problem but since PW does hash all passwords i cant just compare a hashed to a plain text password now can I. So I looked throught the wire folder and I couldn't really find something. How can I hash the password so I can compare it? Many thanks!
-
Hello everyone, I'm using the URL fieldtype to provide an alternative url for some pages but now I need the ability to use, like the title says, GET parameters or url hashes. It seems that is unsupported right now, so I would like to ask you good fellows if you have been in the same situation and if there's a solution to this? Thank you very much.