Changing Joomla Authentication Schema to clear
- Details
- Category: Technology
Unfortunately Joomla from version 1.5 (which I've noticed, and probably 1.0 as well) does not save your encrypted passwords hop classic format: encrypted, but does the opposite. This complicates the interaction with other programs wishing to use the access database to authenticate. Fortunately there is a way to do it, with the risk involved that the password must be kept clear.
Configuration
To do this, you must perform the following steps:
- edit the file libraries / joomla / user / helper.php file and change
public static function getCryptedPassword ($ plaintext, $ salt ='', $ encryption = 'md5-hex', $ show_encrypt = false)
by
public static function getCryptedPassword ($ plaintext, $ salt ='', $ encryption = 'plain', $ show_encrypt = false) - edit the file libraries / joomla file / user / user.php and change all occurrences of
$ Array ['password'] = $ crypt. ':'. $ Salt;
by
$ Array ['password'] = $ crypt; / /. ':'. $ Salt;
Tested on Joomla 1.5 and 3.1.4
Joomla 3.2 is a little different:
- edit the file libraries / phpass / PasswordHash.php and change
$ Match = JCrypt :: timingSafeCompare ($ hash, $ testcrypt);
by
$ Match = JCrypt :: timingSafeCompare ($ hash, $ testcrypt) | | JCrypt :: timingSafeCompare ($ hash, $ password); - edit the file libraries / joomla / user / user.php file, find the routinefunction HashPassword ($ password)and add
return $ password;
at the begining of the routine
Tested on Joomla 3.2.2
Joomla 3.3.0 is almost the same.
- edit the file libraries / joomla / user / helper file and change
$ Match = JCrypt :: timingSafeCompare ($ hash, $ testcrypt);
by
$ Match = JCrypt :: timingSafeCompare ($ hash, $ testcrypt) | | JCrypt :: timingSafeCompare ($ hash, $ password); - in the same file, find the routinefunction HashPassword ($ password)and add
return $ password;
at the beginning of the routine - in the same file, change
public static function getCryptedPassword ($ plaintext, $ salt ='', $ encryption = 'md5-hex', $ show_encrypt = false)
by
public static function getCryptedPassword ($ plaintext, $ salt ='', $ encryption = 'plain', $ show_encrypt = false)
Tested on Joomla 3.3.0 and 3.4.x
Enjoy!
blog comments powered by DisqusMost Read Posts in Technology
About
Read about IT, Migration, Business, Money, Marketing and other subjects.
Some subjects: FusionPBX, FreeSWITCH, Linux, Security, Canada, Cryptocurrency, Trading.