Full Version: Password storage
ThRaShErUk
Hi,

I've got my MT setup all nice and dandy but wish to create a login script in PHP so that all visitors must log in before viewing the blog.

I had a look at the MySQL data and I'm stumped as to how the passwords are stored?!?

Can anyone help me with converting an entered password into this format to check it?

Thanks in advance,
ThRaShErUk
kadyellebee
Do you need the login to be connected to the MT login? If not, then you might check out your host's options for working with htaccess - you can password protect your blog directory, and then give your visitors the login information.

Kristine
ThRaShErUk
I know I could do it that way but I was hoping to connect it to the MT login. That way users can log into MT to change their information and retrieve lost passwords (saves me work).
maddy
QUOTE (ThRaShErUk @ Jul 14 2003, 10:35 PM)
That way users can log into MT to change their information and retrieve lost passwords (saves me work).

How are they going to log in to MT if they can't remember their password?
ThRaShErUk
Using the 'retrieve password' option?!?

Anyway, does anyone know how the passwords are stored?
stepan
QUOTE (ThRaShErUk @ Jul 15 2003, 07:06 AM)
Anyway, does anyone know how the passwords are stored?

Passwords are stored as a crypt digest in the author_password field in the mt_author table. When you have "auto log in" set, the password digest is also stored as a cookie in the user's browser.

Take a look at the MT/lib/MT/Author.pm file to see how the password is encoded and tested.
ThRaShErUk
Thanks for the quick answer.

Erm, not too good with Perl...

Bit cheeky but, any idea how to do this in PHP?
ThRaShErUk
*bump*
parth
Anybody know the salt that is used for the crypt? I have the PHP script to check the password from the MySQL database but the login is incorrect. From my understanding the salt for the MT crypt is
CODE
            @alpha = ('a'..'z', 'A'..'Z', 0..9);
            # build a two-character salt from random members of @alpha
            $salt = join '', map $alpha[rand @alpha], 1..2;


and so in my code to crypt the password using PHP I have
CODE
            @alpha = ('a'..'z', 'A'..'Z', 0..9);
            $salt = $alpha[rand @alpha)], 1..2;
    
            if ( (crypt($password, $salt)) == $result[password])


Any insights? It is the first two characters of a random alphanumeric string, but my PHP is not very good and I am confused about how to do this.
stepan
The encrypted password begins with the salt that was used to encrypt it. To check whether a clear password ($password_clear) is the same as the encrypted password in the database ($password_crypt), you should be able to do something like this (in PHP):
CODE
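// crypt() reads the salt from the start of the stored digest;
// === compares the two digests as strings, with no numeric type juggling
if (crypt($password_clear, $password_crypt) === $password_crypt) {
  // password matches
}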
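A fuller version of the check described in the answer above, as an added example that is not part of the original thread. The function name `mt_password_matches` and the sample password and salt are constructed for illustration, and the code assumes the stored value is a 13-character traditional DES crypt digest, which is what a two-character salt normally produces.

```php
<?php
// Added example (hypothetical helper, not Movable Type code).

function mt_password_matches(string $password_clear, string $password_crypt): bool
{
    // Assumption: a traditional DES crypt digest, 13 characters from
    // [./0-9A-Za-z], whose first two characters are the salt.
    // Anything else (empty column, truncated value) is rejected outright.
    if (!preg_match('#^[./0-9A-Za-z]{13}$#', $password_crypt)) {
        return false;
    }

    // Passing the stored digest as the salt argument makes crypt()
    // reuse the two-character salt the digest was created with.
    $candidate = crypt($password_clear, $password_crypt);

    // On failure crypt() returns a short marker string, never a full digest.
    if (strlen($candidate) !== 13) {
        return false;
    }

    // Constant-time string comparison (PHP 5.6+); also avoids the numeric
    // type juggling that == applies to digit-only-looking strings.
    return hash_equals($password_crypt, $candidate);
}

// Constructed sample standing in for an author_password value:
// the password 'correct horse' hashed with the salt 'ab'.
$stored = crypt('correct horse', 'ab');

// Right password, wrong password, and an empty database column.
var_dump(mt_password_matches('correct horse', $stored));
var_dump(mt_password_matches('wrong guess', $stored));
var_dump(mt_password_matches('correct horse', ''));

// Hashing the entered password with a freshly generated salt and comparing
// to the stored digest fails even for the right password, because the
// salt is part of the digest.
var_dump(crypt('correct horse', 'xy') === $stored);

// Caveat for anyone relying on these digests: traditional DES crypt only
// uses the first eight characters of the password, so any password that
// shares those eight characters with the real one is accepted too.
var_dump(mt_password_matches('correct WRONG', $stored));
```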
parth
Thanks stepan, I got it to work correctly. Now I am trying to duplicate the MT session cookie so that when a user is authenticated they do not need to log in again to manage or add entries to the weblog. Anybody know how the cookies work in MT and how to set a similar cookie in PHP?