Page 1 of 1
Can I remove password encryption
Posted: Wed Apr 16, 2008 12:24 am
by drewhart71
I am registering users in another application and sending the user information directly to the user database via php. Obviously, the password doesn't encrypt that way. Is there a way to turn off the encryption and/or does someone know the php/script or whatever I would need to run a straight forward numerical password to make it encrypted before writing it to the database. Many thanks in advance,
Drew
Re: Can I remove password encryption
Posted: Wed Apr 16, 2008 10:14 am
by thoms
I would definitely not remove the password encryption.
CSMms uses standard encryption via md5:
http://de.php.net/manual/en/function.md5.php
You can easily find that it in the admin/adduser.php:
Code: Select all
#$query = "INSERT INTO ".cms_db_prefix()."users (user_id, username, password, active, create_date, modified_date) VALUES ($new_user_id, ".$db->qstr($user).", ".$db->qstr(md5($password)).", $active, '".$db->DBTimeStamp(time())."', '".$db->DBTimeStamp(time())."')";
or the lib/classes/class.user.inc.php:
Code: Select all
function SetPassword($password)
{
$this->password = md5($password);
}
So all you need is to md5 your passwords before saving it to the database.
Thomas