How do I verify users' passwords from the hash in the database without Drupal core logic?

I oversee a proprietary CMS with a headless Drupal back-end. We use Drupal to authenticate users, manage permissions and roles, and store HTML for almost 13,000 pages. As our needs have grown, our custom code base has expanded, and Drupal’s role in the project has diminished. Most of the app logic is now handled by a Node.js Express server. The Express app has access to the Drupal database and is already performing some read operations on Drupal tables.

I’d like to start migrating some features off of Drupal and onto the custom app. The one I’m most concerned about is authentication.

Authorization is currently set up as follows. User visits a non-Drupal app landing page. Submits username and password to the Express app; the app uses Drupal’s REST login to check for a successful logon. If successful, the app uses standard Express practices to create a session and hand out a cookie.

I’m hoping that the Express app can start checking passwords in the database directly, instead of using the Drupal API. I’d prefer that my users not have to reset their passwords and I’d prefer not to disrupt some relationships I have built with the Drupal user tables. In summary, my questions are these:

  1. How can I check that the hashed password in the DB matches the password submitted by the user?

  2. Is the salt value in the settings.php file the one used to encrypt passwords in the database, or is that salt value somewhere else?

  2a. NEW QUESTION: According to the Drupal docs, a unique salt is generated for every user and stored in the database, possibly concatenated with the hashed password. Where are these unique salts stored, and if they are concatenated with the hashed password, how can I separate them from the salted password? Are the salts concatenated on the end of the hashed password or the beginning? Are they always the same length? What is that length?

  3. What algorithm or module does Drupal use in combination with the salt value to create hashed passwords?

  4. If I find the algorithm and salt values, is it likely that this system is portable to Node.js, or are there PHP or Drupal idiosyncrasies that would prevent a migration?

Thank you in advance for your consideration. I realize it’s a little tacky to ask questions about moving off of Drupal, but I’m still a big fan of the platform and the community. It’s been very good for our operation.

Tony
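
Added example, not part of the original post and not Drupal's own code: a Node.js check for stored hashes that begin with `$S$`, the salted, iterated SHA-512 format produced by Drupal 7's password.inc, in which the cost character and the 8-character salt are stored inside the hash string itself. It assumes the site's stored hashes use that format (other prefixes are rejected); the function names are hypothetical.

```javascript
'use strict';
const crypto = require('crypto');

// phpass alphabet used by Drupal's password hasher (not standard base64).
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const HASH_LENGTH = 55;            // stored length of a "$S$" hash
const MIN_LOG2 = 7, MAX_LOG2 = 30; // accepted range for the cost character

// phpass encoding: each group of up to 3 bytes becomes n+1 chars, low 6 bits first.
function phpassEncode(buf) {
  let out = '';
  for (let i = 0; i < buf.length; i += 3) {
    const n = Math.min(3, buf.length - i);
    let v = buf[i];
    if (n > 1) v |= buf[i + 1] << 8;
    if (n > 2) v |= buf[i + 2] << 16;
    for (let k = 0; k <= n; k++) out += ITOA64[(v >> (6 * k)) & 0x3f];
  }
  return out;
}

// Recompute a hash from the password and the first 12 chars of a stored hash:
// "$S$" + one cost character (log2 of the iteration count) + 8-character salt.
function drupalSha512Crypt(password, stored) {
  const pw = Buffer.from(password, 'utf8');
  const setting = stored.slice(0, 12);
  const log2 = ITOA64.indexOf(setting[3]);
  if (pw.length > 512 || setting.length !== 12 || !setting.startsWith('$S$') ||
      log2 < MIN_LOG2 || log2 > MAX_LOG2) return null;
  const sha = (a, b) => crypto.createHash('sha512').update(a).update(b).digest();
  let h = sha(Buffer.from(setting.slice(4)), pw);       // sha512(salt . password)
  for (let i = 0; i < 2 ** log2; i++) h = sha(h, pw);   // sha512(hash . password)
  return (setting + phpassEncode(h)).slice(0, HASH_LENGTH);
}

// Constant-time comparison of the recomputed hash with the stored one.
function verifyDrupalPassword(password, stored) {
  if (typeof password !== 'string' || typeof stored !== 'string') return false;
  const computed = drupalSha512Crypt(password, stored);
  if (computed === null) return false;
  const a = Buffer.from(computed), b = Buffer.from(stored);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample (not a real account): salt "abcdefgh", cost char "5" = 2^7 rounds.
const sampleHash = drupalSha512Crypt('correct horse', '$S$5abcdefgh');
console.log(sampleHash.length, verifyDrupalPassword('correct horse', sampleHash));
```

The hash salt in settings.php is not an input to this computation; only the per-user salt embedded in the stored hash is used.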

This article was republished from its original source.