password encryption joomla and jomsocial - joomla

We have a weird problem with password encryption at our website beta1.iamyogi.com.
We register a user at the website. There is a full registration possible with activation link in the e-mail. It is working till I want to log in. Even with a simple user "John" and password "12345".
If I change the password for "John" in the CMS to "12345" and save the user account, I can log in on the front with John/12345.
If I look at the database, the only change there is in the password field of xxxx_users. First it was something like:
ad2630323c070b40776acc011b5c5116
then after the CMS change of password:
$P$DXe2T/Ceh3PeRAxdsFdwfYhKEndxIg.
It looks way different in type of encryption.
Do you know how this is possible?!
Joomla 3.2.1, Joomla 3.2.2 and Joomla 3.2.3: all tested, same problem.
JomSocial 3.1

Related

How are Joomla 3 passwords encrypted?

I'm developing a migrate script (Joomla 3 to Drupal 7).
Because I don't want to decrypt Joomla's user passwords, I want to check if the inputted password, after encryption, matches the password in my Joomla table. Just like a normal login system.
The only thing I don't know is how Joomla's passwords are encrypted in Joomla 3.x. So I want to know what happens when I enter my password in Joomla's login form.
Can anybody help me out (I prefer some PHP code)?
Joomla 3.2 and above uses Bcrypt as the hashing algorithm for passwords.
Anything below Joomla 3.2 uses MD5 + Salt
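As an added example (not part of the original answer and not Joomla's own code), the PHP below sorts a stored value from the users table into the formats such a table can hold (bcrypt, phpass portable `$P$`, legacy `md5:salt`, bare 32-hex MD5) and checks a candidate password against it. The function names are hypothetical, and treating a bare 32-hex value as unsalted md5(password) is an assumption.

```php
<?php
// Added example, not Joomla or JomSocial code. Requires PHP 7.1+.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// phpass "portable" scheme: iterated MD5 plus a custom base64 of the digest.
function phpass_portable(string $password, string $stored): ?string
{
    $log2 = strpos(ITOA64, $stored[3]);   // 4th char encodes log2(rounds)
    if ($log2 === false || $log2 < 7 || $log2 > 30) return null; // phpass range
    $salt = substr($stored, 4, 8);
    $hash = md5($salt . $password, true);
    for ($n = 1 << $log2; $n > 0; $n--) {
        $hash = md5($hash . $password, true);
    }
    $out = '';
    for ($i = 0; $i < 16; $i += 3) {      // up to 3 bytes -> 4 chars, low bits first
        $v = ord($hash[$i]) | (ord($hash[$i + 1] ?? "\0") << 8) | (ord($hash[$i + 2] ?? "\0") << 16);
        for ($c = 0; $c < min(4, 17 - $i); $c++) {
            $out .= ITOA64[($v >> (6 * $c)) & 0x3f];
        }
    }
    return '$P$' . $stored[3] . $salt . $out;
}

function classify_hash(string $stored): string
{
    if (preg_match('/^\$2[axy]\$\d\d\$[.\/0-9A-Za-z]{53}$/', $stored)) return 'bcrypt';
    if (preg_match('/^\$P\$[.\/0-9A-Za-z]{31}$/', $stored))            return 'phpass';
    if (preg_match('/^[0-9a-f]{32}:.+$/', $stored))                    return 'md5-salted';
    if (preg_match('/^[0-9a-f]{32}$/', $stored))                       return 'md5-unsalted';
    return 'unknown';
}

function verify_password(string $password, string $stored): bool
{
    switch (classify_hash($stored)) {
        case 'bcrypt':
            return password_verify($password, $stored);
        case 'phpass':        // constant-time compare against the recomputed value
            return hash_equals($stored, (string) phpass_portable($password, $stored));
        case 'md5-salted':    // legacy Joomla layout: md5(password . salt) . ':' . salt
            [$hex, $salt] = explode(':', $stored, 2);
            return hash_equals($hex, md5($password . $salt));
        case 'md5-unsalted':  // assumption: plain md5(password); the page does not say
            return hash_equals($stored, md5($password));
    }
    return false;
}
// Classify the two values quoted in the question at the top of this page.
foreach (['ad2630323c070b40776acc011b5c5116', '$P$DXe2T/Ceh3PeRAxdsFdwfYhKEndxIg.'] as $h) echo classify_hash($h), "\n";
```

For a migration, call verify_password() at login and, on success against anything other than bcrypt, re-hash the password with password_hash() and store the new value.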

How to enforce Joomla password policy when users reset passwords

I've set a Joomla site password policy via users > options.
If I add a new user via the backend and try to set an insecure password, the policy seems to work and I get the appropriate error message.
If the user logs in, goes to their profile and changes their password, the password policy is still enforced.
However, if the user goes to the login screen, chooses 'Forgot your password' they are able to choose a new password which doesn't pass the policy.
I'm using the default Joomla login and registration extensions and as far as I can see, there's nothing else that could be causing a conflict.
Does anyone have some suggestions on where to look?
EDIT
Site is using Joomla! 3.3.6 Stable, which is currently the latest version of Joomla
Thanks a lot!

How to Create Admin Account on BitNami WordPress for XAMPP Windows?

I'm trying to install BitNami WordPress on XAMPP for Windows, but I have a slight problem here. There's this Create Admin Account dialog box on my way through installation and it seems to require me to fill the boxes in. It's asking for Login, My real name, Email address, My existing MySQL password for XAMPP, and Application password. I don't know what kind of password I should type in, since I haven't even typed in any password for anything. I've tried to leave it blank and click Next, but it won't allow me.
For a better understanding of my question, you can view it here, No. 3 and No. 4 : http://wiki.bitnami.com/Infrastructure_Stacks/BitNami_for_XAMPP#What_is_the_XAMPP_MySQL_password.3f
For the first password field, you will have to add the password of phpMyAdmin (if any).
For the second password and retype password field, you will have to add the password you want to set for the WordPress admin.

How to set password guidelines in Joomla?

I am using Joomla 1.7 with Hikashop. That's why I want new registered users to have a secure password.
Is it possible to set password guidelines in Joomla, so that it isn't possible to register a user with a password like "12345" or "qwerty"?
You can do that on the client side via additional JavaScript or on the server side via a custom/extended authentication plugin.

Joomla - How to let Registered users change their password

I have a website based on Joomla 1.5.22. I want users to change the password on the frontend. Using the Menu Manager I can bring up the page, but I want to show only username, email, password and verify password. But it's bringing more info like change backend language.
You should use the User Form menu item you mentioned, as that is the native interface for allowing users to change their password. However, since you want to avoid the other fields, you can simply disable "Front end user parameters" in Global Configuration > System.
This did it for me:
http://www.dummies.com/how-to/content/how-to-let-users-manage-their-own-accounts-in-joom.html
Concretely, the URL for the user to edit her details is here:
index.php?option=com_user&view=user&layout=form
Joomla 1.5
