Encrypted Password

Encrypted Password

by Fifie Sha -
Number of replies: 3
Hello,
I am currently build a software that can automatically download file from moodle website where student doesn't need to log in to the website. student just need to log in to this software and it will automatically download new file. but the problem that im facing right now is the password is encrypted. is anyone know how to decrypt the password?
Average of ratings: -
In reply to Fifie Sha

Re: Encrypted Password

by Tim Hunt -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
You can't. The password is not encrypted. It is hashed.

What you can do is to look at Moodle authentication plugins. Hopefully, you can set it up so that if the student is logged into your other system, then they are also automatically logged into Moodle.
Average of ratings: -
In reply to Tim Hunt

Re: Encrypted Password

by Matteo Scaramuccia -
Hi,
password in Moodle are hashed (MD5) and salted (=> ~SMD5) so if you apply the same salt you can do the job locally to your application if required. Find below refs.

Secret:
WWWROOT/config.php:
...
$CFG->passwordsaltmain = '<secret>';

SMD5-like Moodle implementation:
WWWROOT/lib/moodlelib.php:
...
function validate_internal_user_password(&$user, $password) {
...
 if ($user->password == md5($password.$CFG->passwordsaltmain)...

SMD5 implementation:
Hash = MD5(<password> + <salt>) + <salt>

As Tim pointed out, you can also write your own authentication plug-in - to create a valid Moodle session - w/o the need to access someway to the Moodle Users table in the DB.

It depends on how this local application will take files from the remote Moodle (guessing using the normal way, HTTP GET to file.php).

HTH,
Matteo
Average of ratings: -