0

I am trying to integrate a Simple Machines Forum, more specifically the database for users and logins etc, into my project.

I don't really want to use an external web call as I am doing this, as much as possible, in MySQL, so I might have the crypto functions needed in there.

How does SMF verify the password (passwd), I have noticed there is a password_salt, how are these elements used to verify a plain text password?

Jjj
  • 155
  • 1
  • 13

1 Answers1

1

I've found the answer in pure MySQL. You lowercase the member name, combine it with the plain text password, and SHA 1 hash the contents. The query below shows the stored hashed password, username (make sure you've got the right account) and the manual hashed password.

select passwd, member_name, SHA1( CONCAT( LOWER( member_name ) , 'test' ) ) as hashed
from smf_forum_members
where member_name = 'name'
Jjj
  • 155
  • 1
  • 13