Password generating

Hi everyone,

I have some simple application that people are using in company for doing some calculations. My boss wants me to make logging into this app using SUITE CRM usernames and passwords, so we don’t have to create 2 accounts. I would love to solve this simply by connecting to suite db users table and check if user and password match and then create some session for the logged user. The problem is I don’t know how to encode password. I’ve tried md5(mypassword), but hash i got is not the same as one in user_hash field in users table of suite? What is the formula for password hashing in suite crm?

Thanks in advance,

best regards.

Dusan

Hi Dusan,

The password is lowercased and md5’d (I’m not sure why) and then passed through the PHP function crypt.

For checking a password see how it is done in the Users module in modules/User/User.php:


	public static function checkPasswordMD5($password_md5, $user_hash)
	{
	    if(empty($user_hash)) return false;
	    if($user_hash[0] != '$' && strlen($user_hash) == 32) {
	        // Old way - just md5 password
	        return strtolower($password_md5) == $user_hash;
	    }
	    return crypt(strtolower($password_md5), $user_hash) == $user_hash;
	}

Hope this helps,
Jim

2 Likes

Thanks Jim,

I can confirm this is the right solution, just in case someone else needs it. It works like charm.

Best regards,

Dusan

I too utilized this using PHP Report Maker 9. Here was my final script under User_CustomValidate:

// User Custom Validate event
// Check username and password against database.
function User_CustomValidate(&$usr, &$pwd) {
	// Enter your custom code to validate user, return TRUE if valid.

	// Get the PW hash from the database
	$row = ewr_ExecuteRow("SELECT user_hash FROM users WHERE user_name = '$usr'");
	
	if(empty($pwd)) return false;

	// Check the password
	return crypt(strtolower(md5($pwd)), $row['user_hash']) == $row['user_hash'];

}