[Mediawiki-l] How to export user password from Mediawiki MySQL database to OpenLDAP
DanTMan
dan_the_man at telus.net
Thu Aug 23 07:39:42 UTC 2007
That 1 is mostly accurate... but your 2 isn't explained enough. The
method for coming up with the password in that case is something like
md5( $user_id . '-' . md5( $password ) )
The password is hashed, the user_id is added to the start separated by a
- then hashed again.
But please, for all sake of sanity... Don't go creating the passwords on
your own if there isn't some strict reason you need to do this manually.
Encrypting the passwords in the right way is what wfEncryptPassword(
$userid, $password ); is for. The only case where you don't use that, is
if you're coming up with an extension to do something like converting
the old passwords to new ones (Though, you can't do it the other way
around), or accessing information and needing to use the old password.
(ie: An extension that lets a user with an old password format verify
themselves using that old password, and enter in a new password that
will be encrypted and saved in the new format. But as you can see, the
only valid reasons I can find for doing this on your own in MediaWiki
(ie: excluding someone who is manually changing passwords using MySQL
only, that's not in MediaWiki) is some method of extension for letting
people convert passwords if they have upgraded from an old version and
want to start using the new formats.
So in simple terms... "$hash = wfEncryptPassword( $userid, $password );"
is all you need to know.
~Daniel Friesen(Dantman) of The Gaiapedia, Wikia Graphical Entertainment Project, and Wiki-Tools.com
Alexis Moinet wrote:
> Yifan (Eric) Jiang a écrit :
>
>> Hi all,
>>
>> I am currently working in a project which requires to exporting user
>> information from Mediawiki MySQL database to OpenLDAP directory (with
>> Berkeley database). Everything is fine except the password issue. I am
>> not sure what hash algorithm does Mediawiki use to hash user password,
>> (But I guess it may be MD5). However, I can't get the same hash value by
>> using OpenLDAP slappasswd with {MD5}, {SHA}, {SMD5}, {CRYPT} AND {SSHA}
>> algorithms. Therefore I am wondering if any one has similar experience
>> that can share with me. Any hints, tips would be much appreciated!
>>
>> Thanks
>>
>> Eric Jiang
>>
>
> the password stored in the database is something close to :
>
> 1. md5 (password)
> 2. md5 (1. and user id)
>
> though it might actually act a little bit differently, it was the idea when I last looked at it
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
>
More information about the MediaWiki-l
mailing list