Generating the verification code for a lost password?

Question

I need to generate the token/verification code for a user having lost his/her password, but I can't rely on the existing Joomla installation, as 1) it's a very old Joomla installation (1.5.15) and 2) it's one of my project's requirements. I can't touch anything, as it's a third-party job, but I need to implement a password recovery system for mobile users (iOS and Android for now) and I need to know which algorithm does the password recovery system uses.

Can anyone tell me how does it work?

Answer 1

In Joomla You can check following files

components/com_users/controller/reset.php
components/com_users/modles/reset.php

In controller file you can find one function name request();

It uses a function the model processResetRequest();

In side this function it will create the activation token with following codes

     // Set the confirmation token.
$token = JUtility::getHash(JUserHelper::genRandomPassword());
$salt = JUserHelper::getSalt('crypt-md5');
$hashedToken = md5($token.$salt).':'.$salt;

$user->activation = $hashedToken;

Also joomla is verifying the token its getting correct then it will allow users to create new password.If you want to do that you can use following code for joomla standard password.

jimport('joomla.user.helper');
 $salt = JUserHelper::genRandomPassword(32);
 $crypt = JUserHelper::getCryptedPassword($password_choose, $salt);
 $password = $crypt.':'.$salt;

the above code is creating the joomla passwords.

If you are planning to use this for mobile device and without editing the core joomla the you can create a file on root and achieve it as like this

Hope this may help you..