Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

Checking osTicket users password from Java code

I know that in osTicket the password is stored (encrypted) in the column passwd in the table ost_staff. I'm writing a java web application where I need to check the password provided by the user with the passwd column, but I don't know how to encrypt the user password to check with the column. Does osTicket uses MD5 to store the password? If so, how would this code loke like? I'm using a raw MD5 in my Java code, but the generated passwords are diferente from the ones in the database.

Thank you.

Marcos

Comments

  • Our application needs to interact with the osTicket database. We have a login form where the user provides its username and password and we would like to check them against the credentials registered in the ost_staff table in the database. But we have to encrypt the user password to compare it with the stored password.

    It would be nice if osTicket provided for us an API of some kind just to check the users credentials. That way we could write a simple php application and consume this application with a REST web service from our Java application in our login page.

    Does anyone have any idea how we would solve this.

    Any help would be appreciated.

    Marcos
  • Q: Does osTicket uses MD5 to store the password?  If so, how would this code loke like?
    A:
    I'm not sure how you can achieve your goals, but I can tell you that the SQL level you can run a command like this to reset the password and it works in osT.
    update ost_staff set passwd = md5('yournewpassword') where staff_id='1';
    So the answer is yes, osT stores the password using MD5.  I have no idea why you would get a different result unless you are using different dataset (aka password).


    Q: It would be nice if osTicket provided for us an API of some kind just to check the users credentials.
    A: The only API available at this time is the ticket (opening) API.  More are planned, but have taken a back seat to "more important" features (like multi-language support).
  • @ntozier - osTicket does NOT store password as MD5 hashes. The system allows MD5 as fallback (necessary for manual password reset) but it gets rehashed on login. Details on how osTicket hashes passwords can be found in include/class.passwd.php
  • edited November 2014
    @ntozier - osTicket does NOT store password as MD5 hashes. The system allows MD5 as fallback (necessary for manual password reset) but it gets rehashed on login. Details on how osTicket hashes passwords can be found in include/class.passwd.php
    That's really what I thought. Before I came here I got lots of MD5 functions in Java and all of them returned the same result when applied to my osTicket password stored in the database. But comparing the result with the crypted password stored in the ost_staff table shows that it is different from it. So, I thought that there should be something more.

    By the way, in which table and column does osTicket store the hash generated for a password? I think now that I need this information to assembly the encrypted password.

    Is this the way to go? If not, what's the right thing to do? What do you advise me to solve the authentication problem agains the ost_staff table in my application?

    Marcos

Sign In or Register to comment.