views:

48

answers:

1

I'm trying to do Authentication against restful_authentication from a php application, however I understand it uses a SHA1(digest--salt--password--RESTFUL_AUTH_KEY). The issue is regardless of how much I try I can't get the hash to match. Reading through the documentation I see the digest is just the restful auth key, but that's where I get confused. Has anyone else been able to find a way to match up hashed password outside of using ruby and if so how?

A: 

Here is an example using php:

<?php

$password = 'SomePassword';
$salt = 'saltHashFromDB';
$sitekey = 'siteKeyFromConfig';

function pwcrypt($password, $salt, $sitekey) {
  $digest = $sitekey;
  $i = 0;
  while ($i < 10) {
    $digest = sha1($digest.'--'.$salt.'--'.$password.'--'.$sitekey);
    $i++;
  }
  return $digest;
}
echo pwcrypt($password,$salt,$sitekey);
?>

This is a pretty simple example, you should be able to integrate it into your application based on this. I know in the ruby code there are about 4 or 5 functions that it calls one after the other to do the same thing, having it in one place should make it easier to understand.

Let me know if you need any clarification.

Thanks,

C4colo

C4colo