Xataface Forums

Put a face on your database
http://xataface.com/forum/

Joomla integration with xataface

http://xataface.com/forum/viewtopic.php?f=4&t=4459

Page 1 of 1

Joomla integration with xataface

PostPosted: Sat May 03, 2008 7:12 am
by fantomasdm
I need to use user authentication of joomla 1.5 table. But for check password I have to use a special algorithm (md5 + salt). Is a way to do this?
Is possible to write my check password function?

PostPosted: Sat May 03, 2008 9:01 am
by shannah
You can implement the xxx__serialize() method in the delegate class to make this possible. All values are serialized before being inserted or compared in the database and this method overrides how that serialization takes place.

e.g. if the column name is 'password', the the users table delegate class would contain a method like:

Code: Select all
function password__serialize($value){
    return my_special_encryption($value);
}


Note that if you were only using MD5 (and not the combination as you describe, this could have been accomplished with the 'encryption' property in the fields.ini file.

In fact, If you wouldn't mind posting your solution for your serialize function I can add this to the next release of xataface as the 'joomla' encryption so that it will also be able to be achieved via the encryption parameter. Currently only MD5, PASSWORD, SHA1, and ENCRYPT are supported.

-Steve

PostPosted: Sun May 04, 2008 6:09 am
by fantomasdm
It works....but I'm not sure if it is correct....

Code: Select all
function password__serialize($password){

   $app =& Dataface_Application::getInstance();
   $query = "SELECT id, gid, block, password, usertype FROM jos_users where username='".$_POST['UserName']."'";
    $risultato = mysql_query($query,$app->db()) or die("Query fallita: " . mysql_error() );

   $linea = mysql_fetch_array($risultato, MYSQL_ASSOC);
    /* Liberazione delle risorse del risultato */
    mysql_free_result($risultato);

   $arraypass=explode(":", $linea['password']);
   $salt=$arraypass[1];
   
   $ret = md5(trim($password).$salt).":".$salt;
   return $ret;
}
   

PostPosted: Sun May 04, 2008 9:14 am
by shannah
Well, this is doing a bit of extra stuff that it doesn't need to do. The __serialize method receives the password as a parameter, which you are meant to encode:

Code: Select all
function password__serialize($password){

   $arraypass=explode(":",$password);
   $salt=$arraypass[1];
   
   $ret = md5(trim($password).$salt).":".$salt;
   return $ret;
}

PostPosted: Mon May 05, 2008 11:58 pm
by fantomasdm
Hi, The salt is calculated on registration by an randomic algorithm on create password, so to get md5(pwd.salt) I have to read it from database.
All times are UTC - 7 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/