Enc the password for user

Posted: Thu Aug 27, 2009 8:55 pm
by wuhaa
Hi,

I see that the admin user has the password set as "enc:*****..."

What type of hash is that? Is it possible to reproduce it through php?

Also, is there any difference between the admin user and users added after the install, in terms of the password hash?
I see that a second user I have created has a short hash length.

Thanks,

Posted: Fri Aug 28, 2009 3:16 am
by wuhaa
I have downloaded the source of subsonic in order to try to figure this out. In the UserDao.Java file, the following function encodes the password string:

Code:
return "enc:" + StringUtil.utf8HexEncode(s);


Basically I need to reset the password every night for a bunch of users on subsonic. So I have put together a little curl script that will attempt to change the passwords through http://hostname/subsonic/db.view.

Now, the problem is that I don't know what function is needed to create a hash to insert into the user table?!

Posted: Fri Aug 28, 2009 3:27 am
by wuhaa
Ok so the StringUtil.java file has these 2 functions used in the password hashing:

Code:
    public static String utf8HexEncode(String s) throws Exception {
        if (s == null) {
            return null;
        }
        byte[] utf8 = s.getBytes(ENCODING_UTF8);
        return String.valueOf(Hex.encodeHex(utf8));
    }

    public static String utf8HexDecode(String s) throws Exception {
        if (s == null) {
            return null;
        }
        return new String(Hex.decodeHex(s.toCharArray()), ENCODING_UTF8);
    }


If someone can translate these functions over to php syntax, I would greatly appreciate it...

Posted: Fri Aug 28, 2009 6:28 am
by deriksen
Just a naive question here, but instead of having to reset a whole bunch of user passwords (I'm not even going to ask why you're doing that :wink:), why not just distribute a guest user and reset that user's password however often you choose?

/D

Posted: Fri Aug 28, 2009 3:03 pm
by wuhaa
deriksen wrote: Just a naive question here, but instead of having to reset a whole bunch of user passwords (I'm not even going to ask why you're doing that :wink:), why not just distribute a guest user and reset that user's password however often you choose?

/D


I should be more clear about that. I have 15 virtual machines running subsonic. It's annoying to change passwords on all the different machines. The number of my VMs will grow in the future. That's the reason that I have also made the curl script. I would like to automate this whole process...

Hope that helps.

Posted: Fri Aug 28, 2009 5:51 pm
by wuhaa
If anyone needs to do this, here is the php equivalent:

Code:
<?php

  # Source: http://stackoverflow.com/questions/885597/string-to-byte-array-in-php
  function HexEncode ($string)
  {
    $hex_ary = array();
    foreach (str_split($string) as $chr)
    {
      $hex_ary[] = sprintf("%02X", ord($chr));
    }
    return implode('',$hex_ary);
  }

?>
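
Added example (not part of the original thread and not Subsonic's own code): a PHP round trip for the "enc:" format built from the two StringUtil functions quoted above. It shows that the stored value is a reversible hex encoding of the UTF-8 password bytes rather than a hash, so anyone who can read the user table can recover the password, and the stored length is always 4 + 2 × the password's byte length. The function names and sample passwords are constructed for illustration; `bin2hex` emits lowercase hex.

```php
<?php
// Added illustration; function names are hypothetical, not Subsonic's.
const ENC_PREFIX = 'enc:';

// Mirrors "enc:" + StringUtil.utf8HexEncode(s).
// Assumes $password already holds UTF-8 bytes (PHP strings are byte strings).
function subsonic_encode(string $password): string
{
    return ENC_PREFIX . bin2hex($password);
}

// Mirrors StringUtil.utf8HexDecode on the part after "enc:".
// Returns the cleartext, or null when the value is not a well-formed
// "enc:" string (missing prefix, odd length, non-hex, invalid UTF-8).
function subsonic_decode(string $stored): ?string
{
    if (strncmp($stored, ENC_PREFIX, strlen(ENC_PREFIX)) !== 0) {
        return null;
    }
    $hex = substr($stored, strlen(ENC_PREFIX));
    // Whole byte pairs only; accepts upper- and lowercase digits.
    if (preg_match('/\A(?:[0-9a-fA-F]{2})*\z/', $hex) !== 1) {
        return null;
    }
    $bytes = hex2bin($hex);
    // The /u modifier makes PCRE reject byte strings that are not valid UTF-8.
    return preg_match('//u', $bytes) === 1 ? $bytes : null;
}

// Constructed sample passwords, including a multi-byte one.
$samples = ['sesame', 'pässwörd', 'a much longer passphrase'];

foreach ($samples as $password) {
    $stored    = subsonic_encode($password);
    $recovered = subsonic_decode($stored);
    printf(
        "%s (%d chars stored) -> recovered: %s\n",
        $stored,
        strlen($stored),
        $recovered === $password ? $recovered : 'MISMATCH'
    );
}

// Malformed inputs are rejected instead of being decoded loosely.
var_dump(subsonic_decode('enc:7365736'));   // odd number of digits -> NULL
var_dump(subsonic_decode('736573616d65'));  // missing prefix -> NULL
```

Because decoding needs no key, the database file and any backups of it should be protected as if they held the passwords in cleartext.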