Paul Sanderson wrote:
The problem comes when adding the password. As far as I can see mediaWiki expects a salted hash of the hash of a password, the salt is the userID. i.e. if I create a user who has a random password (say 123abc) and a userID of say 357 then I would do the following
Create a random password (123abc)
Hash it
prepend the user ID and a dash(-), so we would have, some thing like
357-abc343acde... etc.
We then hash this string again, giving the final hash
Sounds right. Make sure that: * you are using MD5 * hex digits are lowercase * the hashed object is UTF-8 text, and you're not including the NULL byte or any other trailing bytes from an array
For your example of id 357 and password "123abc" you should get:
$ php -r 'echo md5("357-" . md5("123abc")) . "\n";' 397981aabef0194a3b76c1319c496659
-- brion vibber (brion @ pobox.com)