Encryption

[Tom]

Does anyone know what type of encryption phpvms uses for the passwords?

Thanks

[simpilot]

It uses a standard md5 hash plus a random salt string to further encrypt user passwords. Both the md5 string and the user specific salt string are saved in the _pilots table in the db. Hope this helps.

[Tom]

Thanks

[Tom]

How are the password and salt etc used?

We're making an app for our VA and we want to only allow registered users, so what do we need to do to the plain text password to match what's in the database?

[simpilot]

You could use something like this ->

$password = md5(your_user_input_password. your_user_salt_from_db);

if($password == your_user_password_from_db)

        { do stuff }

[Tom]

Ok I'm doing that and the hash which is returned does not match the hash for my password in the database.

[simpilot]

hmmm....  can you put your page code up at pastebin and post the link here

[Tom]

Actually don't worry, I was doing something wrong. I've just realised. Thanks

[Nabeel]

You can use the API's login() function which will see if the password matches? Is that what you're trying to do?

[Tom]

I have it working now thanks. I don't know how to use all that though.