问题描述
我在 Joomla 之外创建了一个可以成功生成 Joomla 密码的脚本:
I created a script outside of Joomla that can successfully generate a Joomla password:
// I copied the JUserHelper class from Joomla here
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($password, $salt);
$psw = $crypt.':'.$salt;
我的问题是,如何将上面生成的这个新 crypt:salt 与 Joomla 数据库中现有用户的密码进行比较,并知道提供给上述脚本的密码是否是该用户在数据库?
My question is, how can I compare this new crypt:salt I generate above to a password of an existing user in the Joomla database, and know if the password supplied to the script above is the correct password for that user in the database?
推荐答案
一种方法是直接查询 Joomla 数据库以获取用户的(加盐和散列)密码,然后进行比较.根据我从一些谷歌搜索中看到的内容,我认为下面的查询应该适用.我已在 Wordpress 中完成此操作,因此我假设 Joomla 会类似.
One way would be to query the Joomla database directly to get a user's (salted and hashed) password, then compare. I think the below query should work for that, based on what I have seen from a few google searches. I have done this in Wordpress, so I'm assuming Joomla would be similar.
select 'password' from `jos_users` WHERE `username` = "Bob";
这篇关于用于在 Joomla 中验证正确密码的自定义 PHP 函数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!