
Password encryption different

10 years 2 months ago
  • Thomas

We have a weird problem with password encryption at our website beta1.iamyogi.com.

1: We register a user at the website. There is a full registration possible with activation link in the e-mail. It is working till I want to log in. Even with a simple user "John" and password "12345".
2: If I change the password for "John" in the CMS to "12345" and save the user account, I can log in on the front with John/12345.
3: If I look at the database, the only change there is in the password field of xxxx_users. First it was something like
- ad2630323c070b40776acc011b5c5116 then after the CMS change of password:
- $P$DXe2T/Ceh3PeRAxdsFdwfYhKEndxIg.
It looks way different in type of encryption.

Do you know how this is possible?

10 years 2 months ago
  • David Sutanto

Hi Thomas,

As far as I know from the Joomla forum, this is what happens behind the scenes:

A. Generate a password
B. Generate a string with 32 random characters
C. Concatenate Password (Step A) and RandomString (Step B)
D. Take md5(Result of Step C)
E. Store Step D Result : Step B Result

Example:
Generate a password - Let 'testing'
Generate a string of 32 random characters - 'aNs1L5PajsIscupUskaNdPenustelsPe'
Concatenate Password and random string - testingaNs1L5PajsIscupUskaNdPenustelsPe
md5(Step C Result) - 5cf56p85sf15lpyf30c3fd19819p58ly
Store Step D:Step B - 5cf56p85sf15lpyf30c3fd19819p58ly:aNs1L5PajsIscupUskaNdPenustelsPe
You can find code in Joomla like:
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword("testing", $salt);
$password = $crypt . ':' . $salt;
Or we can say:
password DB field = md5(password + salt) + ":" + salt
where salt is a random 32-character string.

Warm Regards,

David
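
Added example, not part of the original thread and not Joomla's own code: a small audit helper that names the storage format of each value quoted in this thread and re-checks a password against it. The `$P$` prefix marks a phpass portable hash, whose fourth character encodes the iteration count; the function names are hypothetical, and treating a bare 32-hex value as md5(password) is an assumption.

```python
import hashlib, hmac, re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def classify(stored: str) -> str:
    """Name the storage format of one password-column value."""
    if re.fullmatch(r"\$[PH]\$[./0-9A-Za-z]{31}", stored):
        return "phpass"      # $P$ + cost char + 8-char salt + 22-char digest
    if re.fullmatch(r"[0-9a-f]{32}:.+", stored):
        return "md5-salted"  # md5(password + salt):salt, as in the reply above
    if re.fullmatch(r"[0-9a-f]{32}", stored):
        return "md5-bare"    # 32 hex chars and no salt part
    return "unknown"

def phpass_rounds(stored: str) -> int:
    """MD5 iterations encoded in the 4th character of a phpass value."""
    return 1 << ITOA64.index(stored[3])

def _encode64(data: bytes) -> str:
    """phpass's own base64 variant: 3 bytes little-endian, low 6 bits first."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        out.extend(ITOA64[(value >> s) & 0x3F]
                   for s in range(0, 6 * (len(chunk) + 1), 6))
    return "".join(out)

def phpass_hash(password: str, setting: str) -> str:
    """Recompute a phpass portable hash; setting = first 12 chars of a stored value."""
    pw, salt = password.encode(), setting[4:12].encode()
    digest = hashlib.md5(salt + pw).digest()
    for _ in range(phpass_rounds(setting)):
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + _encode64(digest)

def verify(password: str, stored: str) -> bool:
    """Check a password against whichever format the stored value uses."""
    kind = classify(stored)
    if kind == "phpass":
        candidate = phpass_hash(password, stored)
    elif kind == "md5-salted":
        salt = stored.split(":", 1)[1]
        candidate = hashlib.md5((password + salt).encode()).hexdigest() + ":" + salt
    elif kind == "md5-bare":
        candidate = hashlib.md5(password.encode()).hexdigest()  # assumption
    else:
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())
```

Run over a dump of the password column, `classify` shows which accounts still carry an MD5-based value and which already use the iterated `$P$` format.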

10 years 1 month ago
  • Thomas

Where can I find all the registration files so I can compare the password build up?

10 years 1 month ago
  • David Sutanto

Hi Thomas,

Maybe you can find it at \libraries\joomla\user or \components\com_users
For further information please ask on the Joomla forum :)

Warm Regards,

David
