phplist password encryption

Technical discussion for developers and service providers

Postby libarymark » 12:13pm, Wed 06 Aug, 2014

Hello -

We are using phplist to manage an email list for a public library. I would also like to use its database to authenticate users who wish to store session data on our server using their email address. I did not want to write my own email credential manager.

I understand that the encryption phplist is using is sha256, but I could not make it work when trying to authenticate to the DB. Is there something going on with the encryption that I am missing? I am a mediocre PHP programmer, and while I looked over the code, it did not appear to me that there is any salt or such added to the password.

Can someone point me in the right direction?

Thanks!

Library Mark
libarymark
phpList newbie
 
Posts: 2
Joined: 12:05pm, Wed 06 Aug, 2014

Re: phplist password encryption

Postby duncanc » 1:13pm, Wed 06 Aug, 2014

It should be as simple as this, so long as the algorithm really is sha256. If you used user passwords in an earlier release of phplist then a different algorithm might have been used.

Code:
hash('sha256', $password);

To confirm this, at a command prompt hash a password that you know and compare to the value stored in the database.
Code:
php -r "echo hash('sha256', 'mypassword');"
duncanc
Moderator
 
Posts: 2440
Joined: 6:34am, Sat 08 May, 2010
Location: London
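
Added example (not part of the original posts and not phpList's own code): one way to check a login against the stored value, assuming, as the reply above does, that the column holds the unsalted hex output of hash('sha256', $password). The function names are hypothetical, the sample digest is constructed, and reading the stored value from the database is left to the caller.

```php
<?php
declare(strict_types=1);

/**
 * Classify a stored digest by its shape. An earlier release may have used a
 * different algorithm, so a value that is not 64 hex characters cannot be a
 * SHA-256 digest and should not be compared as one.
 */
function classifyDigest(string $stored): string
{
    $stored = strtolower(trim($stored));
    if (!ctype_xdigit($stored)) {
        return 'not-hex';
    }
    switch (strlen($stored)) {
        case 64: return 'sha256-length';
        case 40: return 'sha1-length';
        case 32: return 'md5-length';
        default: return 'unknown-length';
    }
}

/**
 * Verify a submitted password against the stored hex digest.
 * $storedHex is whatever the caller read from the database; no table or
 * column names are assumed here.
 */
function verifyStoredSha256(string $password, string $storedHex): bool
{
    // trim() removes stray whitespace or a newline picked up while reading
    // or copying the value, a common cause of a mismatch.
    $storedHex = strtolower(trim($storedHex));
    if (classifyDigest($storedHex) !== 'sha256-length') {
        return false;
    }
    // hash_equals() compares in constant time. Loose == must be avoided:
    // PHP treats two strings such as "0e12..." and "0e34..." as equal numbers.
    return hash_equals($storedHex, hash('sha256', $password));
}

// Constructed sample: digest of the example password used in the thread.
$stored = hash('sha256', 'mypassword') . "\n";

var_dump(classifyDigest($stored));                      // shape of the stored value
var_dump(verifyStoredSha256('mypassword', $stored));    // correct password
var_dump(verifyStoredSha256('wrongpassword', $stored)); // wrong password
var_dump(verifyStoredSha256('mypassword', md5('mypassword'))); // other algorithm
```

Because the digest is unsalted, identical passwords produce identical stored values, so the stored column should be protected like the passwords themselves.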

Re: phplist password encryption

Postby libarymark » 3:05pm, Sat 16 Aug, 2014

Thanks, duncanc! I don't know why I could not make that work but it does now.
libarymark
phpList newbie
 
Posts: 2
Joined: 12:05pm, Wed 06 Aug, 2014

