Hi @ygleby,
I don’t believe it currently does. I’m not familiar with this one.
If you can give me some example PHP to show me how to verify your hash I may be able to integrate it into the plugin.
How is the salt stored for your passwords?
Thanks,
Tom
Rfc2898DeriveBytes implementation of PBKDF2. I think it’s based on HMACSHA1
Thread Starter
ygleby
(@ygleby)
Hi @tbenyon
I use “at_least_16_byte” salt for my passwords.
Hey @ygleby,
Thanks for contributing @delaycloud111. 🙂
@ygleby, could you please create a new user with the password ‘password1’ so that I can experiment and test to make sure the method I use to validate a password works with an examaple hash you have generated.
Thanks,
Tom
Thread Starter
ygleby
(@ygleby)
Hey @tbenyon !
Create this account on my wordpress site?
+1 need this to..
function pbkdf2(string $username, string $password, string $passwordSalt)
{
$iterations = 10000;
$length = 40;
$salt = $passwordSalt . $username;
$hash = hash_pbkdf2("sha1", $password, $salt, $iterations, $length);
$hash = \strtoupper($hash);
return $hash;
}
@tbenyon
-
This reply was modified 6 years, 6 months ago by
underdigital.
Hi All,
Sincere apologies for taking so long to reply. Life’s been busy.
Thank you for the code @underdigital. The integration mentioned above is quite custom for each user.
Things that change for each user are:
how salt is handled (in your case salt is added to the beginning of the password)
To make this reusable I am going to add functionality to allow something like the custom function to be called from a plugin hook.
I am midway through developing this code already.
You as the user would need to add code similar to this to your functions.php file.
function myExlogHashAuthenticator($password, $hashFromDatabase, $username) {
$iterations = 10000;
$length = 40;
$salt = $passwordSalt . $username;
$hash = hash_pbkdf2("sha1", $password, $salt, $iterations, $length);
$hash = \strtoupper($hash);
return $hash == $hashFromDatabase;
}
add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 2);
Let me know if any of you have any hesitations about this but my plan is to get this out as the next release.
Tom
Hey All,
Just letting you know that this feature is now complete and released in V1.8.4.
You can see some basic documentation here.
I will close this ticket for now, however if you have any questions or issues please get back in contact here 🙂
Thanks,
Tom
@tbenyon Good! You are awsome, sorry for the late response!
Still getting an error on it, (no php dev :-P)
Fatal error: Uncaught ArgumentCountError: Too few arguments to function myExlogHashAuthenticator(), 2 passed in D:\World of Eldritch\World of Eldritch Website\root\demo\wp-includes\class-wp-hook.php on line 290 and exactly 3 expected in D:\World of Eldritch\World of Eldritch Website\root\demo\wp-content\themes\twentytwenty\functions.php:686 Stack trace: #0 D:\World of Eldritch\World of Eldritch Website\root\demo\wp-includes\class-wp-hook.php(290)
Can’t get arround this one? I only passe this
myExlogHashAuthenticator($password, $hashFromDatabase, $username)
@tbenyon
My bad…
Seems like i had to change the 2 to a 3
add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 2);
