Hello Farmy, The code you posted helps and this examples the PHP algorithm: http://pythonhosted.org/passlib/lib/passlib.hash.phpass.html
I recorded this in Python: import random, hashlib class PHPHash(object): CHARS = '0123456789abcdefghijklmoqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' def __init__(self,secret,rounds=10): self.secret = secret self.rounds = rounds def hash(self,password, salt=None): if salt is None: salt = ''.join(random.choice(self.CHARS) for i in range(8)) checksum = hashlib.md5(salt+self.secret).hexdigest() for k in range(2**self.rounds): checksum = hashlib.md5(checksum+password).hexdigest() hashed = '$P$%s%s%s' % (chr(self.rounds+ord('0')-5),salt,checksum) return hashed p = PHPHash('mysecret', rounds=13) print p.hash('mypassword') Please check it an make sure you can reproduce the PHP passwords. Once that's done we can try implement a custom validator, based on CRYPT that will work with them. Massimo On Sunday, 22 June 2014 15:40:32 UTC-5, farmy zdrowia wrote: > > I did kind of investigation by myself. > I can see CB uses new Joomla "Portable PHP password hashing framework" > functionality to crypt password. I noticed CB run on joomla 3.2.1, > while my other site is on Joomla 2 > > Anyway at the end of pasword cryption chain there is a function > hashPassword and verifyPassword in libraries/joomla/user/helper.php > > abstract class JUserHelper > public static function hashPassword($password) > { > // Use PHPass's portable hashes with a cost of 10. > $phpass = new PasswordHash(10, true); > > return $phpass->HashPassword($password); > } > > > public static function verifyPassword($password, $hash, $user_id = > 0) > { > $rehash = false; > $match = false; > > // If we are using phpass > if (strpos($hash, '$P$') === 0) > { > // Use PHPass's portable hashes with a cost of 10. > $phpass = new PasswordHash(10, true); > > $match = $phpass->CheckPassword($password, $hash); > > $rehash = false; > } > > > Indeed all my passwords starts with "$P$" > > Whole algorithm to crypt CB/Joomla3.2.1 password is in file > libraries/phpass/PasswordHash.php > > > > Question now is how to transform it to web2py CUSTOMER validator. I'll > need your help > > > > > >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.