[pmwiki-users] Problem using dbauth.php with authuser.php

Patrick R. Michaud pmichaud at pobox.com
Sun Oct 16 23:44:37 CDT 2005


On Sun, Oct 16, 2005 at 09:16:25PM -0700, Ahmed Ibrahim wrote:
> I'm running into a problem using dbauth.php with
> authuser.php. dbauth.php is able to access the MySQL
> database and extract the correct information. However,
> authuser.php isn't able to authenticate the user
> because the password hashes don't match. The database
> password is an MD5 hash yet authuser.php appears to be
> treating it as a standard Unix crypt. For example, the
> database contains the password "password." Its MD5
> hash is:
> 
> 5f4dcc3b5aa765d61d8327deb882cf99
> 
> Which dbauth.php correctly retrieves. However,
> authuser.php gives the hash:
> 
> 5fjgIzboD2FrE
> 
> Obviously authuser.php is having trouble with MD5
> encrypted passwords. Any help please?

Note that there are several forms of "md5 encryption"
available for passwords; MySQL's version is just another
version.  (It does a straight md5 encryption of the
password, with no salt or other randomizing components.)

Still, it wouldn't be too hard for me to adapt authuser.php
to perform and accept straight md5 encryptions, so perhaps
I should see about doing that.

Also, the dbauth.php script is somewhat inefficient about
handling passwords -- it reads in the entire password database
instead of just the record being authenticated, so this
could probably be fixed as well.

Pm




More information about the pmwiki-users mailing list