php Moodle外部数据库身份验证,使用WindowsMembership函数中的MSSQL

uujelgoq  于 2022-10-30  发布在  PHP
关注(0)|答案(2)|浏览(129)

我正在使用Moodle,并将其与一个新开发的ASP.NET应用程序集成,该应用程序使用了MemberShip函数......我已经尝试过MD5哈希和SHA-1哈希......当我尝试使用文本作为密码foramt时,它工作正常......感觉编码和解码有一些问题......帮助将非常感谢......
我从成员资格表中创建了用户名和密码,并创建了一个视图,试图从我的Moodle中访问它......行中有用户名和密码,但我无法访问它
编辑:当我试着调试这个的时候,我可以看到密码存储在MSSQL中的方式和Moodle在查询中发送的不一样。
请帮帮我伙计们...

密码存储在MSSQL中

uMg8WgxqP+mB3hzcwbeAPqHnty4=                                                                                                     danielmoses

在Moodle的外部数据库设置页面中将哈希配置为SHA-1时记录

[16-Mar-2014 08:47:40 UTC] sqlsrv_configure: SQLSTATE = IMSSP
[16-Mar-2014 08:47:40 UTC] sqlsrv_configure: error code = -14
[16-Mar-2014 08:47:40 UTC] sqlsrv_configure: message = An invalid parameter was passed to sqlsrv_configure.
[16-Mar-2014 08:47:40 UTC] <hr>connecting... hostname: localhost params: array (
'Database' => 'kpadb',
'UID' => 'sa1',
'PWD' => 'password',
)

**[16-Mar-2014 08:47:40 UTC] <hr>running query: 'SELECT *

FROM MoodleAuthentication
WHERE UserName = \'danielmoses\'
AND Password = \'58cb4e2f82599535955e97a110eee6f429cd666d\''<hr>input array: false<hr>result: NULL**
[16-Mar-2014 08:47:40 UTC] (before) ADODB_COUNTRECS: 1 _numOfRows: -1 _numOfFields: -1
[16-Mar-2014 08:47:40 UTC] (after) _numOfRows: -1 _numOfFields: 2
[16-Mar-2014 08:47:40 UTC] _fetch()
[16-Mar-2014 08:47:40 UTC] fetch mode: assoc
[16-Mar-2014 08:47:40 UTC] <hr>after _fetch, fields: <pre> backtrace: <pre align=left> &nbsp; &nbsp; &nbsp; &nbsp; <font face="Courier New,Courier">ADORecordset_mssqlnative._fetch()</font><font color=#808080 size=-1> % line 2989, file: <a href="file:/C:\inetpub\wwwroot\moodle\lib\adodb\adodb.inc.php">adodb.inc.php</a></font>
&nbsp; &nbsp; &nbsp; <font face="Courier New,Courier">ADORecordSet.Init()</font><font color=#808080 size=-1> % line 1086, file: <a href="file:/C:\inetpub\wwwroot\moodle\lib\adodb\adodb.inc.php">adodb.inc.php</a></font>
&nbsp; &nbsp; <font face="Courier New,Courier">ADOConnection._Execute(SELECT * FROM MoodleAuthentication WHERE UserName = '..., false)</font><font color=#808080 size=-1> % line 1044, file: <a href="file:/C:\inetpub\wwwroot\moodle\lib\adodb\adodb.inc.php">adodb.inc.php</a></font>
&nbsp; <font face="Courier New,Courier">ADOConnection.Execute(SELECT * FROM MoodleAuthentication WHERE UserName = '...)</font><font color=#808080 size=-1> % line 117, file: <a href="file:/C:\inetpub\wwwroot\moodle\auth\db\auth.php">auth.php</a></font>
<font face="Courier New,Courier">auth_plugin_db.user_login(danielmoses, Dan@1234)</font><font color=#808080 size=-1> % line 4393, file: <a href="file:/C:\inetpub\wwwroot\moodle\lib\moodlelib.php">moodlelib.php</a></font>
<font face="Courier New,Courier">authenticate_user_login(danielmoses, Dan@1234)</font><font color=#808080 size=-1> % line 140, file: <a href="file:/C:\inetpub\wwwroot\moodle\login\index.php">index.php</a></font>
</pre>

在moodle的外部数据库设置页面中将散列配置为MD-5时记录

[16-Mar-2014 08:56:37 UTC] sqlsrv_configure: SQLSTATE = IMSSP
[16-Mar-2014 08:56:37 UTC] sqlsrv_configure: error code = -14
[16-Mar-2014 08:56:37 UTC] sqlsrv_configure: message = An invalid parameter was passed to sqlsrv_configure.
[16-Mar-2014 08:56:37 UTC] <hr>connecting... hostname: localhost params: array (
'Database' => 'kpadb',
'UID' => 'sa1',
'PWD' => 'password',
)

**[16-Mar-2014 08:56:37 UTC] <hr>running query: 'SELECT *

FROM MoodleAuthentication
WHERE UserName = \'danielmoses\'
AND Password = \'4518af96674e69424360f61f1f6d129c\''<hr>input array: false<hr>result: NULL**
[16-Mar-2014 08:56:37 UTC] (before) ADODB_COUNTRECS: 1 _numOfRows: -1 _numOfFields: -1
[16-Mar-2014 08:56:37 UTC] (after) _numOfRows: -1 _numOfFields: 2
[16-Mar-2014 08:56:37 UTC] _fetch()
[16-Mar-2014 08:56:37 UTC] fetch mode: assoc
[16-Mar-2014 08:56:37 UTC] <hr>after _fetch, fields: <pre> backtrace: <pre align=left> &nbsp; &nbsp; &nbsp; &nbsp; <font face="Courier New,Courier">ADORecordset_mssqlnative._fetch()</font><font color=#808080 size=-1> % line 2989, file: <a href="file:/C:\inetpub\wwwroot\moodle\lib\adodb\adodb.inc.php">adodb.inc.php</a></font>
&nbsp; &nbsp; &nbsp; <font face="Courier New,Courier">ADORecordSet.Init()</font><font color=#808080 size=-1> % line 1086, file: <a href="file:/C:\inetpub\wwwroot\moodle\lib\adodb\adodb.inc.php">adodb.inc.php</a></font>
&nbsp; &nbsp; <font face="Courier New,Courier">ADOConnection._Execute(SELECT * FROM MoodleAuthentication WHERE UserName = '..., false)</font><font color=#808080 size=-1> % line 1044, file: <a href="file:/C:\inetpub\wwwroot\moodle\lib\adodb\adodb.inc.php">adodb.inc.php</a></font>
&nbsp; <font face="Courier New,Courier">ADOConnection.Execute(SELECT * FROM MoodleAuthentication WHERE UserName = '...)</font><font color=#808080 size=-1> % line 117, file: <a href="file:/C:\inetpub\wwwroot\moodle\auth\db\auth.php">auth.php</a></font>
<font face="Courier New,Courier">auth_plugin_db.user_login(danielmoses, Dan@1234)</font><font color=#808080 size=-1> % line 4393, file: <a href="file:/C:\inetpub\wwwroot\moodle\lib\moodlelib.php">moodlelib.php</a></font>
<font face="Courier New,Courier">authenticate_user_login(danielmoses, Dan@1234)</font><font color=#808080 size=-1> % line 140, file: <a href="file:/C:\inetpub\wwwroot\moodle\login\index.php">index.php</a></font>
</pre>
6vl6ewon

6vl6ewon1#

可能是密码盐
http://docs.moodle.org/25/en/Password_salting
尽管我建议使用外部数据库身份验证来同步来自www.example.com系统的用户asp.net
http://docs.moodle.org/26/en/External_database_authentication

ldioqlga

ldioqlga2#

这是一个非常古老的问题,但对于偶然发现它的人来说,这是一个有效的PHP代码,用于获取存储在密码哈希字段中的值:

$storedHash = base64_encode( sha1(base64_decode($passwordsalt) . mb_convert_encoding($password, 'UTF-16LE', 'UTF-8'), true) )

$password是未加密的密码。
$passwordsalt是aspnet_成员资格密码Salt字段。
$storedHash应该符合储存在aspnet_Membership Password字段中的值。

相关问题