Database user authentication password encryption

Hi,

How is the password encrypted when using the database profile? I tried to decode using SHA1 or MD5 but can’t find the same code.

Help is welcome.

Best.

The example Authentication Query for Manual Mode is SELECT firstname, lastname, schedule FROM USERS WHERE username = ? AND password = MD5(?) so I’m guessing MD5…

It’s sha1 for the automatic mode DB user source

Oh well. Now you know why I don’t do the lottery :)

Database passwords are a 64-bit SHA1 hash when using automatic mode.

The following example could be used to allow a user to change their password from the client:

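import base64
import hashlib

# Current user and the new password (hard-coded here for the example)
user = system.security.getUsername()
pwd = "myPassword"
# Stored format: Base64 encoding of the raw SHA-1 digest
hash = base64.b64encode(hashlib.sha1(pwd).digest())

# Prepared statement: values are bound as parameters, not formatted into the SQL
result = system.db.runPrepUpdate("UPDATE auth_users SET passwd = ? WHERE username = ?", [hash, user])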

Hi, found this thread while looking for information. Thanks for the hashing function. However, is there a way to reverse it? As I’m developing a custom login screen and will need to switch user using scripting. Thank you.

Hashes are non-reversible. That’s the point of using them in security applications. Your custom login screen should be asking the user for his/her password.
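
As an added example (not code from the thread or from Ignition itself): a login check never reverses the stored value; it hashes the typed password the same way and compares. The sketch below is plain Python 3, assumes the Base64-of-SHA-1 format used by the snippet above, and also accepts a 40-character hex digest, which is the form most SHA-1 tools print and the likely reason a direct comparison does not match. The function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac


def sha1_b64(password):
    """Stored form used by the thread's snippet: Base64 of the raw SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def stored_to_digest(stored):
    """Decode a stored value (Base64 or 40-char hex) to the 20 raw digest bytes."""
    stored = stored.strip()
    if len(stored) == 40:
        # A 40-char hex string is also valid Base64, so test for hex first.
        try:
            raw = bytes.fromhex(stored)
            if len(raw) == 20:
                return raw
        except ValueError:
            pass
    try:
        raw = base64.b64decode(stored, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None
    return raw if len(raw) == 20 else None


def verify_password(candidate, stored):
    """Hash the typed password and compare digests in constant time."""
    expected = stored_to_digest(stored)
    if expected is None:
        return False  # malformed stored value: fail closed
    actual = hashlib.sha1(candidate.encode("utf-8")).digest()
    return hmac.compare_digest(actual, expected)


# Constructed sample values, not taken from any real system.
SAMPLE_PASSWORD = "myPassword"
SAMPLE_STORED = sha1_b64(SAMPLE_PASSWORD)
SAMPLE_HEX = hashlib.sha1(SAMPLE_PASSWORD.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    print("base64:", SAMPLE_STORED)
    print("hex:   ", SAMPLE_HEX)
    print(verify_password("myPassword", SAMPLE_STORED))
    print(verify_password("wrong", SAMPLE_STORED))
```

The Base64 and hex strings printed by the block are two encodings of the same 20-byte digest, so either can be checked against a typed password, but neither can be turned back into it.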