I have my own little website and encrypting with sha1, now i try connect it to a SMF forum, but the sha1 codes is not the same?
My code
$password = "thisisatestpass";
$encrypted_password=sha1($password);
echo $encrypted_password; //03d858ce5f3b29b153b0392f196cff6f6e8684d0
SMF: 78481983d348ce4fbfabaccbb59af8ea95471f0c
According to this thread, SMF salts the password with the lowercased username before passing it through sha1.
Try sha1(strtolower($your_username) . $password);
You'll need to find the salt used and then try to hash with
sha1($the_salt.$password);
You should try looking for the hash with phpMyAdmin in the tables used by SMF. And according to what I see on smf support forums, using an alternate integration with hooks must be more robust (keeping in mind the changes done to hashing in the previous versions)
As i know, SMF use salt for hashes. So, try to look for salt in database.
Looking into the source code of SMF 2.0.8 (Profile-Modify.php) you can see that the password is generated as follows:
// Go then.
$passwd = sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd1']));
Please be aware that you need SMF un_htmlspecialchars() function in order to get 100% correct results.
I got it, you don't need the SALT to do this, all you need is the username and the password.
The PHP code looks like this:
$username = "name";
$password = "pass";
$login = sha1($username.$password);
I asked for this and i just needed some time to try many ways, then this one worked. Thx any way guys :)
