I am trying to integrate a Simple Machines Forum, more specifically the database for users and logins etc, into my project.
I don't really want to use an external web call as I am doing this, as much as possible, in MySQL, so I might have the crypto functions needed in there.
How does SMF verify the password (passwd), I have noticed there is a password_salt, how are these elements used to verify a plain text password?
I've found the answer in pure MySQL. You lowercase the member name, combine it with the plain text password, and SHA 1 hash the contents. The query below shows the stored hashed password, username (make sure you've got the right account) and the manual hashed password.
select passwd, member_name, SHA1( CONCAT( LOWER( member_name ) , 'test' ) ) as hashed
from smf_forum_members
where member_name = 'name'