I am going to manipulate the Drupal users table externally. I know that the password in Drupal 6 is generated as an md5 hash, but I'm wondering what the input to the md5 function is. Obviously, it includes the password, but what else? Tnx, Bill
William A. Prothero http://earthednet.org/
More: What I want to do is create the md5 hashed password outside of Drupal, using the values in the 'users' table. This would, presumably, include the username, email, and password.
If this is a dangerous thing to do re corruption of my Drupal site, I'd be interested in hearing about it, too.
What I'm trying to do is integrate a shockwave movie into my Drupal site. I know there are other strategies, but I have a login system in my shockwave movie and will have to generate an md5 has to compare with the Drupal stored hash. Alternatively, I could put my shockwave content on a Drupal node that is only available to authenticated users, and skip the login. As I think about it, that seems a better approach. Then Drupal does a bunch of management that I don't need to do in Shockwave.
Thanks, Bill
William A. Prothero http://earthednet.org/
On Mar 15, 2011, at 4:39 PM, prothero wrote:
I am going to manipulate the Drupal users table externally. I know that the password in Drupal 6 is generated as an md5 hash, but I'm wondering what the input to the md5 function is. Obviously, it includes the password, but what else? Tnx, Bill
William A. Prothero http://earthednet.org/
-- [ Drupal support list | http://lists.drupal.org/ ]
Even more: My shockwave movie needs to have access to the user ID of the Drupal logged in user. So, I will need to somehow get the user ID into the shockwave movie. Looks like I may be in for some coding, as I don't see a way to do this with a module. The only other way is to have two separate login systems, and that seems cumbersome for the users. Bill
William A. Prothero http://earthednet.org/
On Mar 15, 2011, at 5:18 PM, prothero wrote:
More: What I want to do is create the md5 hashed password outside of Drupal, using the values in the 'users' table. This would, presumably, include the username, email, and password.
If this is a dangerous thing to do re corruption of my Drupal site, I'd be interested in hearing about it, too.
What I'm trying to do is integrate a shockwave movie into my Drupal site. I know there are other strategies, but I have a login system in my shockwave movie and will have to generate an md5 has to compare with the Drupal stored hash. Alternatively, I could put my shockwave content on a Drupal node that is only available to authenticated users, and skip the login. As I think about it, that seems a better approach. Then Drupal does a bunch of management that I don't need to do in Shockwave.
Thanks, Bill
William A. Prothero http://earthednet.org/
On Mar 15, 2011, at 4:39 PM, prothero wrote:
I am going to manipulate the Drupal users table externally. I know that the password in Drupal 6 is generated as an md5 hash, but I'm wondering what the input to the md5 function is. Obviously, it includes the password, but what else? Tnx, Bill
William A. Prothero http://earthednet.org/
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
Hi,
Generally manipulating Drupal from outside Drupal is not a good thing. If you do want to do this, I would recommend that you use the services module to use that to talk to Drupal. At least doing it this way it is going to do everything and all the associated things correctly.
Gordon.
On 16/03/2011, at 11:18 AM, prothero wrote:
More: What I want to do is create the md5 hashed password outside of Drupal, using the values in the 'users' table. This would, presumably, include the username, email, and password.
If this is a dangerous thing to do re corruption of my Drupal site, I'd be interested in hearing about it, too.
What I'm trying to do is integrate a shockwave movie into my Drupal site. I know there are other strategies, but I have a login system in my shockwave movie and will have to generate an md5 has to compare with the Drupal stored hash. Alternatively, I could put my shockwave content on a Drupal node that is only available to authenticated users, and skip the login. As I think about it, that seems a better approach. Then Drupal does a bunch of management that I don't need to do in Shockwave.
Thanks, Bill
William A. Prothero http://earthednet.org/
On Mar 15, 2011, at 4:39 PM, prothero wrote:
I am going to manipulate the Drupal users table externally. I know that the password in Drupal 6 is generated as an md5 hash, but I'm wondering what the input to the md5 function is. Obviously, it includes the password, but what else? Tnx, Bill
William A. Prothero http://earthednet.org/
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
Hello,
The password in Drupal is generated via MD5 function which is a default in PHP. Apart from the password, there is nothing that gets added to the password. You can check function user_save in user module, which directly sends the value in md5 format, that will provide you some more clarity.
I think you are talking of a SALT value that gets added, but this is not the case in drupal 6, as it is using MD5 However, in Drupal 7, SALT is used and MD5 is not followed to save the passwords.
On Wed, Mar 16, 2011 at 5:09 AM, prothero prothero@geol.ucsb.edu wrote:
I am going to manipulate the Drupal users table externally. I know that the password in Drupal 6 is generated as an md5 hash, but I'm wondering what the input to the md5 function is. Obviously, it includes the password, but what else? Tnx, Bill
William A. Prothero
-- [ Drupal support list | http://lists.drupal.org/ ]
Tnx. But, when I use md5("myPassword"), I don't get the same result that is shown in Drupal's users table (the 'pass' field) for that user. There must be something else. Bill
William A. Prothero http://earthednet.org/
On Mar 15, 2011, at 8:46 PM, Vaibhav Jain wrote:
Hello,
The password in Drupal is generated via MD5 function which is a default in PHP. Apart from the password, there is nothing that gets added to the password. You can check function user_save in user module, which directly sends the value in md5 format, that will provide you some more clarity.
I think you are talking of a SALT value that gets added, but this is not the case in drupal 6, as it is using MD5 However, in Drupal 7, SALT is used and MD5 is not followed to save the passwords.
On Wed, Mar 16, 2011 at 5:09 AM, prothero prothero@geol.ucsb.edu wrote: I am going to manipulate the Drupal users table externally. I know that the password in Drupal 6 is generated as an md5 hash, but I'm wondering what the input to the md5 function is. Obviously, it includes the password, but what else? Tnx, Bill
William A. Prothero http://earthednet.org/
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Regards, Vaibhav Jain -- [ Drupal support list | http://lists.drupal.org/ ]
Drupal 7 has a different function. See scripts/password-hash.sh
On Tue, Mar 15, 2011 at 10:44 PM, prothero prothero@geol.ucsb.edu wrote:
Tnx. But, when I use md5("myPassword"), I don't get the same result that is shown in Drupal's users table (the 'pass' field) for that user. There must be something else. Bill
William A. Prothero
On Mar 15, 2011, at 8:46 PM, Vaibhav Jain wrote:
Hello,
The password in Drupal is generated via MD5 function which is a default in PHP. Apart from the password, there is nothing that gets added to the password. You can check function user_save in user module, which directly sends the value in md5 format, that will provide you some more clarity.
I think you are talking of a SALT value that gets added, but this is not the case in drupal 6, as it is using MD5 However, in Drupal 7, SALT is used and MD5 is not followed to save the passwords.
On Wed, Mar 16, 2011 at 5:09 AM, prothero prothero@geol.ucsb.edu wrote:
I am going to manipulate the Drupal users table externally. I know that the password in Drupal 6 is generated as an md5 hash, but I'm wondering what the input to the md5 function is. Obviously, it includes the password, but what else? Tnx, Bill
William A. Prothero http://earthednet.org/
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Regards, Vaibhav Jain -- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
Hey William,
I just rechecked it again on D6, works fine. MD5 has a property that when a hash is generated, it will always yield the same hash for a particular word / password
The case you are talking of can be in D7, please confirm if it is drupal 6 of drupal 7
On Wed, Mar 16, 2011 at 10:14 AM, prothero prothero@geol.ucsb.edu wrote:
Tnx. But, when I use md5("myPassword"), I don't get the same result that is shown in Drupal's users table (the 'pass' field) for that user. There must be something else. Bill
William A. Prothero
On Mar 15, 2011, at 8:46 PM, Vaibhav Jain wrote:
Hello,
The password in Drupal is generated via MD5 function which is a default in PHP. Apart from the password, there is nothing that gets added to the password. You can check function user_save in user module, which directly sends the value in md5 format, that will provide you some more clarity.
I think you are talking of a SALT value that gets added, but this is not the case in drupal 6, as it is using MD5 However, in Drupal 7, SALT is used and MD5 is not followed to save the passwords.
On Wed, Mar 16, 2011 at 5:09 AM, prothero prothero@geol.ucsb.edu wrote:
I am going to manipulate the Drupal users table externally. I know that the password in Drupal 6 is generated as an md5 hash, but I'm wondering what the input to the md5 function is. Obviously, it includes the password, but what else? Tnx, Bill
William A. Prothero http://earthednet.org/
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Regards, Vaibhav Jain -- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
Hmm... I'm in Drupal 6. I checked again and had a dumb php mistake. I'd edited an older script and forgot to remove a line.
However, this has been helpful in getting me to take a second look. Thanks for checking me. Bill
William A. Prothero http://earthednet.org/
On Mar 15, 2011, at 10:02 PM, Vaibhav Jain wrote:
Hey William,
I just rechecked it again on D6, works fine. MD5 has a property that when a hash is generated, it will always yield the same hash for a particular word / password
The case you are talking of can be in D7, please confirm if it is drupal 6 of drupal 7
On Wed, Mar 16, 2011 at 10:14 AM, prothero prothero@geol.ucsb.edu wrote: Tnx. But, when I use md5("myPassword"), I don't get the same result that is shown in Drupal's users table (the 'pass' field) for that user. There must be something else. Bill
William A. Prothero http://earthednet.org/
On Mar 15, 2011, at 8:46 PM, Vaibhav Jain wrote:
Hello,
The password in Drupal is generated via MD5 function which is a default in PHP. Apart from the password, there is nothing that gets added to the password. You can check function user_save in user module, which directly sends the value in md5 format, that will provide you some more clarity.
I think you are talking of a SALT value that gets added, but this is not the case in drupal 6, as it is using MD5 However, in Drupal 7, SALT is used and MD5 is not followed to save the passwords.
On Wed, Mar 16, 2011 at 5:09 AM, prothero prothero@geol.ucsb.edu wrote: I am going to manipulate the Drupal users table externally. I know that the password in Drupal 6 is generated as an md5 hash, but I'm wondering what the input to the md5 function is. Obviously, it includes the password, but what else? Tnx, Bill
William A. Prothero http://earthednet.org/
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Regards, Vaibhav Jain -- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Regards, Vaibhav Jain -- [ Drupal support list | http://lists.drupal.org/ ]
-
Carl Wiedemann -
Gordon Heydon -
prothero -
Vaibhav Jain