Cryptage des password ?

[CrazyCat]

bon, je viens de jeter un oeil dans le code et je pense que inc/functions_user.php peut t'intéresser, il contient tout ce qui permet de gérer le login.

Code :

/**
* Checks a password with a supplied uid.
*
* @param int The user id.
* @param string The md5()'ed password.
* @param string An optional user data array.
* @return boolean|array False when not valid, user data array when valid.
*/
function validate_password_from_uid($uid, $password, $user = array())
{
    global $db, $mybb;
    if($mybb->user['uid'] == $uid)
    {
        $user = $mybb->user;
    }
    if(!$user['password'])
    {
        $query = $db->query("SELECT uid,username,password,salt,loginkey FROM ".TABLE_PREFIX."users WHERE uid='".intval($uid)."' LIMIT 1");
        $user = $db->fetch_array($query);
    }
    if(!$user['salt'])
    {
        // Generate a salt for this user and assume the password stored in db is a plain md5 password
        $user['salt'] = generate_salt();
        $user['password'] = salt_password($user['password'], $user['salt']);
        $sql_array = array(
            "salt" => $user['salt'],
            "password" => $user['password']
        );
        $db->update_query(TABLE_PREFIX."users", $sql_array, "uid = ".$user['uid'], 1);
    }

    if(!$user['loginkey'])
    {
        $user['loginkey'] = generate_loginkey();
        $sql_array = array(
            "loginkey" => $user['loginkey']
        );
        $db->update_query(TABLE_PREFIX."users", $sql_array, "uid = ".$user['uid'], 1);
    }
    if(salt_password(md5($password), $user['salt']) == $user['password'])
    {
        return $user;
    }
    else
    {
        return false;
    }
}

et la fonction salt_password est:

Code :

function salt_password($password, $salt)
{
    return md5(md5($salt).$password);
}

Ca nous donne donc md5(md5($salt).md5($pass))