: How does mediawiki save the passwords? I have mediawiki installed in my local machine. I had to use a form outside wiki which asks the user to upload files with the wiki username and password.
I have mediawiki installed in my local machine. I had to use a form outside wiki which asks the user to upload files with the wiki username and password. In order to achieve this I went through the database and found in the user table a user's password: :B:4700e0cf:6f650d779329f7d4de5dffe728bf30d8 which was in the user_password column which is a tinyblob(opened the bin file got from db and got the above password). So my question is:
How do I check this with the password entered by the user in the external form?
In what form(encryption) this password is saved in the database?
More posts by @Heady270
2 Comments
Sorted by latest first Latest Oldest Best
B in this password means that this encryption uses random salt, than md5(saltWithDash . md5(password)).
If you want to check user input with password from database, you need to extract salt from password and combine user password with that salt. Next, compare this two hashes, and if matches, user password is valid.
<?php
$password = 'password'; // user input
$storedPassword = ':B:838c83e1:e4ab7024509eef084cdabd03d8b2972c'; // password from database, password is "password" (without quotes).
//extract salt from password
$salt = explode(':', $storedPassword);
// salt is stored in $salt[2], use print_r($salt) to check
$hashUserPassword = ':B:' . $salt[2] . ':' . md5($salt[2] . '-' . md5($password)); // hashing user password in same method as wikimedia, hash will be the same as password from database
//compare this two passwords
if ($storedPassword === $hashUserPassword) {
// Log user
} else {
// Wrong password
}
?>
Hope this helps someone:
This is how mediawiki saves the user password in the database.
Please see @Aleksander 's answer for more details.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.