Create new user programmatically with hashed password

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
3/24/2018 6:09:15 PM
mikew5163
Gravatar
Total Posts 41
View Posts

Create new user programmatically with hashed password

Hi,

Some years ago I developed a solution whereby a bespoke site I created passed new user credentials into a mojoportal site, to which I added some code to programmatically create a new user.  This worked fine, but the site was set to use plain passwords.

My client now wants password hashing to be turned on on the mojo site.  I was hoping that the code I'd written would still work, and that mojo would create the new user, generate a salt and hash the password for me now that the password mode has been changed.  It does do something to the password as it is scrambled, but it doesn't generate a salt value and I cannot log in.  When I change the password manually to the same one I tried to set it to programmatically, I can see that a salt is created and the password hash is completely different to the one that my code created.  I can, of course, log in fine once the password has been set manually.

Here's the relevant bit of my code (the user's name, email and plain text password have been sent in via a querystring):-

            SiteUser existingUser = new SiteUser(siteSettings, UserEmail);
            if (existingUser.UserId == -1)
            {
                SiteUser newUser = new SiteUser(siteSettings);
                newUser.Name = UserFirstName + " " + UserLastName;
                newUser.LoginName = UserEmail;
                newUser.Email = UserEmail;
                newUser.Password = UserPassword;
                newUser.Save();

             }

Should this work with password hashing switched on?  I was hoping that the SiteUser Save method would take care of the password hashing for me!

Is there another way to achieve this?  It will be a retrograde step to have to ask users to recover / reset their password in the mojo site.

Thanks in advance,

 

Mike

3/25/2018 2:47:49 AM
mikew5163
Gravatar
Total Posts 41
View Posts

Re: Create new user programmatically with hashed password

EDIT:

Sorry, it turns out I was sending in my locally hashed version of the user password, so in fact the SiteUser save method is simply saving the username, email and password as plain text to mp_Users.

So the question is now whether there are methods I can use to perform the password salting / hashing within Mojo.  I know how to do this generally but obviously I need to do it the same way that Mojo itself does for the user to subsequently be able to log in.

You must sign in to post in the forums. This thread is closed to new posts.