Use Moodle Accounts to Log In at external site

Use Moodle Accounts to Log In at external site

by Ismael Ismael -
Number of replies: 4
Hi all, I'm developing an application that will let me extend some Moodle functions for my coursework. I'm studying ICT and programming.


What I need is to create user sessions at my website validating the user/password with the Moodle users table.


I found at the forum some topics explaining that you can send a http_post to the login file, but it will create the session at the moodle domain. What I want is to check that the user and password given at http://domain1.com math to the user and password of an user account at http://mymoodle.com

I thought that I can connect directly to the db server of moodle and check this.

But now I've other problem. At users table, you have the password hash. What I want is to set a php function at my own domain that would generate the password hash of the password I set at the login-form, and then check if this hash matches the hash of moodle user password.


I know I need a salt, but y can get the salt by cutting the 22 characters from moodle password https://moodle.org/mod/forum/discuss.php?d=235504#p1023177


Well I think I have all the tools I need, but I don't know how to use it. So, my question is:

How have I to use the password_hash in order to generate the same hash that moodle generates?


stringpassword_hash ( string $password , integer $algo [, array $options ] )


Sorry my English!

Average of ratings: -
In reply to Ismael Ismael

Re: Use Moodle Accounts to Log In at external site

by Ravi Alamuri -

Hello Ismael,


Not sure what you are intending to do mate, but messing with core moodle code is generally considered a bad idea. We have our own customized interfaces with our moodle instance as well as a customized moodle mobile app. In both instances we make use of Moodle web services as much as possible and whatever we can't do with the web services, we have a local plugin to handle. 

Logging into Moodle using the web services is a cinch, if you have the instance properly configured.  You might want to have a look here https://docs.moodle.org/dev/Creating_a_web_service_client#How_to_get_a_user_token

Hope this helps!


Regards


Ravi

Average of ratings: -
In reply to Ravi Alamuri

Re: Use Moodle Accounts to Log In at external site

by Ismael Ismael -

In short, I want to know the values I need to use with:

string password_hash ( string $password , integer $algo [, array $options ]) 


function as $algo and $options in order to generate the same type of password that Moodle generates.


$password = password string

$algo = ¿?

$options = ¿?


What I want is to check if my generated password and an existing password in Moodle matches.

Average of ratings: -
In reply to Ismael Ismael

Re: Use Moodle Accounts to Log In at external site

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Hi Ismael,

have a look at function hash_internal_user_password() in lib/moodlelib.php. That's the function Moodle uses to generate the password for internal users. In fact, it uses password_hash() internally smile

Saludos. Iñaki.

Average of ratings: -
In reply to Iñaki Arenaza

Re: Use Moodle Accounts to Log In at external site

by Ismael Ismael -
Ok Thx, I found it. Now I've a new problem. This is how moodle generates the hash but, when you try to log in, does it use the same function in order to create the hash again and check if it matches the database? Or maybe... is there another function that get the hash using the same cost and salt that the password at the db? What I mean is if the $2y$10$... at the password hash at the db is used when loggin, and how it's used when you get the hash of the input password.

(Me paso al español que me es mas fácil). Pues eso, mi intención mas que generarlas para registro, es compararlas. ¿Cuál es la función que en el login genera el hash de la clave introducida y la compara con la base de datos? He supuesto que al introducir el nombre de usuario, extrae la sal y el coste de la clave ya existente para generar el hash... pero entre lo poco que conozco moodle, lo relativamente poco que se de php y tal, no he podido encontrarlo.
Average of ratings: -