Mobile app version of vmapp.org
Login or Join
Heady270

: How does mediawiki save the passwords? I have mediawiki installed in my local machine. I had to use a form outside wiki which asks the user to upload files with the wiki username and password.

@Heady270

Posted in: #Mediawiki #Mysql #Password #Php

I have mediawiki installed in my local machine. I had to use a form outside wiki which asks the user to upload files with the wiki username and password. In order to achieve this I went through the database and found in the user table a user's password: :B:4700e0cf:6f650d779329f7d4de5dffe728bf30d8 which was in the user_password column which is a tinyblob(opened the bin file got from db and got the above password). So my question is:

How do I check this with the password entered by the user in the external form?

In what form(encryption) this password is saved in the database?

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Heady270

2 Comments

Sorted by latest first Latest Oldest Best

 

@Merenda212

B in this password means that this encryption uses random salt, than md5(saltWithDash . md5(password)).

If you want to check user input with password from database, you need to extract salt from password and combine user password with that salt. Next, compare this two hashes, and if matches, user password is valid.

<?php

$password = 'password'; // user input

$storedPassword = ':B:838c83e1:e4ab7024509eef084cdabd03d8b2972c'; // password from database, password is "password" (without quotes).

//extract salt from password
$salt = explode(':', $storedPassword);

// salt is stored in $salt[2], use print_r($salt) to check

$hashUserPassword = ':B:' . $salt[2] . ':' . md5($salt[2] . '-' . md5($password)); // hashing user password in same method as wikimedia, hash will be the same as password from database

//compare this two passwords

if ($storedPassword === $hashUserPassword) {
// Log user
} else {
// Wrong password
}
?>

10% popularity Vote Up Vote Down


 

@Martha676

Hope this helps someone:
This is how mediawiki saves the user password in the database.

Please see @Aleksander 's answer for more details.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme