Hello all, I have a client with an older Rails 1.8 app (was recently
upgraded from 1.6) and I need to integrate a php site to use the same
user login creds.
I''m not very versed with Ruby but I think this is the code that
encrypts the password.
[code]
# Encrypts some data with the salt.
def self.encrypt(password, salt)
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end
# Encrypts the password with the user salt
def encrypt(password)
self.class.encrypt(password, salt)
end[/code]
So.... I have full db access so I have the encrypted passwords and
their associated salts. And I need a php script to verify users. Is
there as way for me to un-encrypt this password via php and the
database that Ruby is using?
Thanks in advance for any guidance or assistance you may be able to
provide.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
You shouldn''t have to decrypt it. As with the login code in ruby you compare hash to hash. Dieter Lunn http://www.coder2000.ca On Mon, May 10, 2010 at 7:38 AM, rusty <rwcoan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hello all, I have a client with an older Rails 1.8 app (was recently > upgraded from 1.6) and I need to integrate a php site to use the same > user login creds. > > I''m not very versed with Ruby but I think this is the code that > encrypts the password. > > [code] > # Encrypts some data with the salt. > def self.encrypt(password, salt) > Digest::SHA1.hexdigest("--#{salt}--#{password}--") > end > > # Encrypts the password with the user salt > def encrypt(password) > self.class.encrypt(password, salt) > end[/code] > > So.... I have full db access so I have the encrypted passwords and > their associated salts. And I need a php script to verify users. Is > there as way for me to un-encrypt this password via php and the > database that Ruby is using? > > Thanks in advance for any guidance or assistance you may be able to > provide. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
exactly, that''s what I meant, sorry. Is this just a sha1() hash? I
guess I''m not fully understanding what Ruby is doing here.
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
What is ''hexdigest''?
On May 10, 8:42 am, Dieter Lunn
<coder2...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:> You shouldn''t have to decrypt it. As with the login code in ruby
you
> compare hash to hash.
>
> Dieter Lunnhttp://www.coder2000.ca
>
>
>
> On Mon, May 10, 2010 at 7:38 AM, rusty
<rwc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > Hello all, I have a client with an older Rails 1.8 app (was recently
> > upgraded from 1.6) and I need to integrate a php site to use the same
> > user login creds.
>
> > I''m not very versed with Ruby but I think this is the code
that
> > encrypts the password.
>
> > [code]
> > # Encrypts some data with the salt.
> > def self.encrypt(password, salt)
> > Digest::SHA1.hexdigest("--#{salt}--#{password}--")
> > end
>
> > # Encrypts the password with the user salt
> > def encrypt(password)
> > self.class.encrypt(password, salt)
> > end[/code]
>
> > So.... I have full db access so I have the encrypted passwords and
> > their associated salts. And I need a php script to verify users. Is
> > there as way for me to un-encrypt this password via php and the
> > database that Ruby is using?
>
> > Thanks in advance for any guidance or assistance you may be able to
> > provide.
>
> > --
> > You received this message because you are subscribed to the Google
Groups "Ruby on Rails: Talk" group.
> > To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> > To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> > For more options, visit this group
athttp://groups.google.com/group/rubyonrails-talk?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
> For more options, visit this group
athttp://groups.google.com/group/rubyonrails-talk?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
It is just an SHA1 hash. the hexdigest part is getting the hex representation of that hash. Dieter Lunn http://www.coder2000.ca On Mon, May 10, 2010 at 7:50 AM, rusty <rwcoan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> exactly, that''s what I meant, sorry. Is this just a sha1() hash? I > guess I''m not fully understanding what Ruby is doing here. > > Digest::SHA1.hexdigest("--#{salt}--#{password}--") > > What is ''hexdigest''? > > On May 10, 8:42 am, Dieter Lunn <coder2...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >> You shouldn''t have to decrypt it. As with the login code in ruby you >> compare hash to hash. >> >> Dieter Lunnhttp://www.coder2000.ca >> >> >> >> On Mon, May 10, 2010 at 7:38 AM, rusty <rwc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >> > Hello all, I have a client with an older Rails 1.8 app (was recently >> > upgraded from 1.6) and I need to integrate a php site to use the same >> > user login creds. >> >> > I''m not very versed with Ruby but I think this is the code that >> > encrypts the password. >> >> > [code] >> > # Encrypts some data with the salt. >> > def self.encrypt(password, salt) >> > Digest::SHA1.hexdigest("--#{salt}--#{password}--") >> > end >> >> > # Encrypts the password with the user salt >> > def encrypt(password) >> > self.class.encrypt(password, salt) >> > end[/code] >> >> > So.... I have full db access so I have the encrypted passwords and >> > their associated salts. And I need a php script to verify users. Is >> > there as way for me to un-encrypt this password via php and the >> > database that Ruby is using? >> >> > Thanks in advance for any guidance or assistance you may be able to >> > provide. >> >> > -- >> > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. >> > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org. >> > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org >> > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. >> To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org >> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org >> For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Ok, one last question and I think I''ve got this.
How is Ruby interpreting this string?
"--#{salt}--#{password}--"
For example let''s say....
salt = 1234
password = 5678
Is Ruby seeing
"--#{1234}--#{5678}--"
or
"--#1234--#5678--"
or
"--1234--5678--"
This is really just my ignorance of how Ruby interprets variables in
strings. Sorry in advance for the dumb question.
Thanks for your assistance.
On May 10, 8:53 am, Dieter Lunn
<coder2...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:> It is just an SHA1 hash. the hexdigest part is getting the hex
> representation of that hash.
>
> Dieter Lunnhttp://www.coder2000.ca
>
>
>
> On Mon, May 10, 2010 at 7:50 AM, rusty
<rwc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > exactly, that''s what I meant, sorry. Is this just a sha1()
hash? I
> > guess I''m not fully understanding what Ruby is doing here.
>
> > Digest::SHA1.hexdigest("--#{salt}--#{password}--")
>
> > What is ''hexdigest''?
>
> > On May 10, 8:42 am, Dieter Lunn
<coder2...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >> You shouldn''t have to decrypt it. As with the login code
in ruby you
> >> compare hash to hash.
>
> >> Dieter Lunnhttp://www.coder2000.ca
>
> >> On Mon, May 10, 2010 at 7:38 AM, rusty
<rwc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >> > Hello all, I have a client with an older Rails 1.8 app (was
recently
> >> > upgraded from 1.6) and I need to integrate a php site to use
the same
> >> > user login creds.
>
> >> > I''m not very versed with Ruby but I think this is
the code that
> >> > encrypts the password.
>
> >> > [code]
> >> > # Encrypts some data with the salt.
> >> > def self.encrypt(password, salt)
> >> >
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
> >> > end
>
> >> > # Encrypts the password with the user salt
> >> > def encrypt(password)
> >> > self.class.encrypt(password, salt)
> >> > end[/code]
>
> >> > So.... I have full db access so I have the encrypted
passwords and
> >> > their associated salts. And I need a php script to verify
users. Is
> >> > there as way for me to un-encrypt this password via php and
the
> >> > database that Ruby is using?
>
> >> > Thanks in advance for any guidance or assistance you may be
able to
> >> > provide.
>
> >> > --
> >> > You received this message because you are subscribed to the
Google Groups "Ruby on Rails: Talk" group.
> >> > To post to this group, send email to
rubyonrails-talk@googlegroups.com.
> >> > To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> >> > For more options, visit this group
athttp://groups.google.com/group/rubyonrails-talk?hl=en.
>
> >> --
> >> You received this message because you are subscribed to the Google
Groups "Ruby on Rails: Talk" group.
> >> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org.
> >> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> >> For more options, visit this group
athttp://groups.google.com/group/rubyonrails-talk?hl=en.
>
> > --
> > You received this message because you are subscribed to the Google
Groups "Ruby on Rails: Talk" group.
> > To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> > To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> > For more options, visit this group
athttp://groups.google.com/group/rubyonrails-talk?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
> For more options, visit this group
athttp://groups.google.com/group/rubyonrails-talk?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
On 10 May 2010 14:04, rusty <rwcoan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Ok, one last question and I think I''ve got this. > > How is Ruby interpreting this string? > > "--#{salt}--#{password}--" > > For example let''s say.... > salt = 1234 > password = 5678 > > Is Ruby seeing > > "--#{1234}--#{5678}--" > > or > > "--#1234--#5678--" > > or > > "--1234--5678--" > > This is really just my ignorance of how Ruby interprets variables in > strings. Sorry in advance for the dumb question.Try it in the console and see. (ruby script/console) Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
In case you do not have a working Ruby app with a console available the answer is: "--1234--5678--" The document on the digest is avaialble here: http://ruby-doc.org/stdlib/libdoc/digest/rdoc/index.html -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.