1. General
  2. Questions
0
Answered

Create User Manually

Henry Aspden 4 years ago updated by Tom 4 years ago 5

What is the hashing / salting mechanism used for creating a users password? I would like to batch create the users in bulk for my work moving all our literature to here.

Going forward I will then try to create a php script to keep our userlist up to date on a cron shedule

Thanks

Answered
Tom 4 years ago

Hello Henry,

You should find the info you need in this post:

https://ubooquity.userecho.com/communities/1/topics/280-script-to-change-the-admin-password

It's about the admin password, but the user password hashes are generated the same way.

Let me know if something's unclear.

Henry Aspden 4 years ago

Thaks for your swift reply tom, 

i entered
password = password

salt = d0809793df2c3be1a77a229781cfe1cdb1a2a
encryption = SHA256 at

https://www.freeformatter.com/hmac-generator.html#ad-output

Updated my preferences.json file with this new password then restarted Ubooquity but still don't have access

Any thoughts ?

Tom 4 years ago

Did you stop Ubooquity before updating the json file ? Otherwise it might have been overwritten when Ubooquity stops.

Henry Aspden 4 years ago

Hi @Tom thanks for your response. Covid-19 work planning got in the way of all things books...

Played again today with a few different generators,

Thought I'd sense check by using one of the passwords I already know to test

I entered
password = test

salt = d0809793df2c3be1a77a229781cfe1cdb1a2a
encryption = SHA256

at https://www.freeformatter.com/hmac-generator.html#ad-output
hash = af3d2fb840e35dcffe067552a9efa371501206f86ceaa306fffecfad553ef304

andat https://www.liavaag.org/English/SHA-Generator/HMAC/
hash = af3d2fb840e35dcffe067552a9efa371501206f86ceaa306fffecfad553ef304

However in my preferences.json file the hash for this user is down as
hash = e9bc41e65fed39868cf9fde2dab09ae25590fbd007863f8e62ce759b9015cd6f

The value I get as my hash is identical so I don't think its a defunct genorator but more likely that "d0809793df2c3be1a77a229781cfe1cdb1a2a" is not the salt ? Is this possible ?

Tom 4 years ago

Hi Henry, no problem, Covid-19 is impacting everybody.


When implementing the hash mechanism, I used these guidelines:

http://pajhome.org.uk/crypt/md5/auth.html

(more specifically the "Adding MD5 to an Authentication System" part, with sha256 instead of md5).


While looking for a solution to your issue, I noticed that in these guidelines, the user password is considered as the key and the salt is considered as being data when calling the hex_hmac_sha256 method.


So if you swap the password and the salt when using any of the services you mention, you will get the same hash as the one generated by Ubooquity.

Customer support service by UserEcho