How password hash and salt works while registering and login?

Hi everyone ! i need to know that how password hash and salting works when a user registers his account, kindly if you give me the code (in elgg 1.8.5), will be helpful for me to undestand elgg's hashing and salting mechanism, it will also help me and other developers to use this method in other projects while creating registering and login process.I am also in process to combine two different user's Login databases one with simple md5 password hash, and elgg's users table details.   

Thanks !

  • Look inside the engine/lib/users.php and session.php

  • Hello Team Webgalli ! Thank you ! yes i have looked through these files, it is obvious that salt and hash is generated with rand() , time() and microtime() functions etc with user and username variables, now that suppoase we have got randomly generated Salt to work with md5 hash, with all these functions and the final output is saved in our database under 'password' and 'salt' fields, i need to know (as i am experimenting) how to use these two fileds and their data to use in simple PHP script to validate and authnticate a user and connect to database, based on these 2 fields data, as output of md5 is treated with randon salt, so it is no more on oridinary md5 hash now, i have tried to drop salt filed , but unable to validate user details.Kindly provide me exact code how could i connect successfully to elgg_users_entity table (which i have made in my localhost to experiment) with simple external php code.I only need $_POST['password'] with elgg's technique and sql query statement.

    Thanks in advance!

  • I'm looking into a possible database transfer project, in which the database I would like to transfer users from does not use salt, into an Elgg installation. Will transfered uses be able to login if i just import the basics like username, email md5 pass etc without salt? (I would think not) But any suggestions are welcome. Even a force password reset upon first login attempt perhaps. Bit of a brainstorm really ...

    [Moderator: this comment was off-topic. It was moved to its own topic.]