Redmine

Best bet: always consult source first.

https://bitbucket.org/redmine/redmine-all/src/c06f74894d2c/app/models/user.rb#cl-253

https://bitbucket.org/redmine/redmine-all/src/c06f74894d2c/app/models/user.rb#cl-636

https://bitbucket.org/redmine/redmine-all/src/c06f74894d2c/app/models/user.rb#cl-631

Random 16 char salt + SHA1 password in this format all hashed a second time:

User.hash_password("#{salt}#{User.hash_password clear_password}")

HOWEVER, I'd recommend you use the REST API (I believe there is one that'll provide log in), it'll lead to less broken stuff if Redmine changes anything.

excuse me, I'm not anglophone,I'm not very good in english language, for that i can't find ressources and documentations in english, but thanks you may help me with that I will try to understand,
for the API, Redmine is usable in the entreprise where I'm training, they want to modify some functionnalities in Redmine, for there needs, then this is my training subject, but I'm not good in ruby on rails, and the time of training is not enough to do formations and learn the technologie, for that, they suggested to me to add the pages that they recommand, with PHP, and couple the 2 technologies, but all the pages we want to do, requiere that the user to be connected, and I'm bolqued in front of the method to test the hashed passwords...that's all

can you explain to me the algorithm? (In frensh it will be better :) )

Hatim Rassili wrote:

can you explain to me the algorithm? (In frensh it will be better :) )

Hope we got someone on the board that can translate for me! I don't know French. :( Sorry.

I'm going to try to keep it basic, and in a language we both understand, PHP! This should do it:

Edit: this is wrong see my reply below

sha1('#' . $salt . '#' . sha1($password));

MySQL tables:

$salt is pulled from: users.salt

Compare the above code with: users.hashed_password

Here are the REST API, under "authentication".

http://www.redmine.org/projects/redmine/wiki/Rest_api

You can throw it through Google translate possibly, works for me when I need stuff translated:

http://translate.google.com/

Yes that's good I understand very well, but now the code is not correct, I tried with a password that I defined, My password in the redmine application

Sorry, rusty on my Ruby syntax:

sha1($salt . sha1($password));

aaah thanks, it works very well now, thank you, and take care of you, that's so kind from you