Generate or validate account passwords with PHP

This section contains scripts that hMailServer has contributed with. hMailServer 5 is needed to use these.
Post Reply
Hazark
New user
New user
Posts: 26
Joined: 2014-05-08 23:17

Generate or validate account passwords with PHP

Post by Hazark » 2014-12-08 15:29

I'm planning to write a self-service password changing script in PHP, so here is my first step.

Some information available on forum, but I can't find all answers I need, so I downloaded the Hmailserver source and found my answers :)

I should note that my work actually is a glitzy version of this (which I found AFTER I published my code..)
viewtopic.php?p=128481#p128481


Anyway..
https://gist.github.com/hazarkarabay/28 ... 14cd1fc5fc

You can create, modify or validate an account password with using this. Currently not supporting for plaintext and Blowfish authentication, as in my environment everyone using SHA256.

Usage:

Code: Select all

<?php
$HMPass = new Hmail_Pass();

echo $HMPass->GenerateHash('somepassword'); // Creates the hash for 'somepassword' using auto generated salt and hexadecimal output
echo $HMPass->GenerateHash('somepassword', 'tuzluk', $HMPass::base64); // Creates the hash for 'somepassword' using provided salt ('tuzluk') and base64 output

$HMPass->ValidateHash('password', '24b16f656b95c155...fce63901404a11b'); // Checks the password/hash match, hash type is SHA256 and using salt as first 6 characters. Returns true if matched.
$HMPass->ValidateHash('password', '24b16f656b95c155...fce63901404a11b', true, $HMPass::SHA1); // Checks the password/hash match, hash type is SHA1 and using salt as first 6 characters. Returns true if matched.

?>

What I learn from the source:
In hm_accounts table
- accountpassword field is the password (obviously)
- accountpwencryption field is the encryption/hash type which is:
Plaintext = 0,
BlowFish = 1,
MD5 = 2,
SHA256 = 3
- Blowfish key is "THIS_KEY_IS_NOT_SECRET"

Post Reply