Log in | Register
  1. Forum
  3. Discontinued Products
  5. JFBConnect v8.x Support (Joomla 3 Only) (CLOSED)
  7. Describe password authentication mechanism used

Topic-icon Describe password authentication mechanism used

Active Subscriptions:

None
6 years 3 weeks ago #63635 by eashery
On blabber.buzz, we have JFBC extensions which is basically generating random password if a user connect to our website using social logins.
We had noted that when a user update password using jom-social, it generate password which has exact structure just like default Joomla generated password. But as they login to website using password which they had updated, password in table gets changed. It seems JFBC used some other encryption mechanism at this stage.

We are developing an app for this website and want to provide login functionality using login/password but could not match the password as syntax or encryption mechanism is not known. Please suggest/provide us the details regarding encryption mechanism used by JFBC connect.
The topic has been locked.
Support Specialist
6 years 3 weeks ago #63639 by alzander
When a user *logs in* to an account on your site, their password shouldn't be changed at all. The only time JFBConnect should ever be updating the password in the database for the user is when they are registering an account. After that, it's all in Joomla's (or other 3rd party profile extensions) hands.

As for 'how' JFBConnect generates a password, we pass it through Joomla's own password generation function. The exact code is:
$user['password'] = JUserHelper::hashPassword($this->_newUserPassword);
That hashPassword function uses a salted bcrypt password, which is pretty industry standard now for preventing against multiple attacks and what Joomla does natively.

I hope that helps, but if you're seeing other behavior, please let us know the exact steps to reproduce and what you're seeing. Also, if the password field in the database is being changed somehow during a login, does the password for the user still work, or does the change break it from working?

Thanks,
Alex
The topic has been locked.
Active Subscriptions:

None
6 years 3 weeks ago #63654 by eashery
Thank you Alex.
The topic has been locked.
Support Specialist
6 years 3 weeks ago #63664 by alzander
No problem. I hope it helps, but if you need anything else, just let us know.

Thanks,
Alex
The topic has been locked.
  1. Forum
  3. Discontinued Products
  5. JFBConnect v8.x Support (Joomla 3 Only) (CLOSED)
  7. Describe password authentication mechanism used
From the Blog
Facebook | Twitter | LinkedIn | Blog RSS