For hashing Traccar uses PBKDF2 with HMAC-SHA1.
I believe PHP has native implementation staring from 5.5: http://php.net/hash-pbkdf2
For older version you can use: https://defuse.ca/php-pbkdf2.htm
For hashing parameters (iterations, sizes etc) you can look at this class:
https://github.com/tananaev/traccar/blob/master/src/org/traccar/helper/Hashing.java
Hi guys,
Here a implementation with Traccar database for login.
public function doLogin($u,$p){ $hosteo = new Host(1); $this->set_conexion($hosteo->datos['host'],$hosteo->datos['user'],$hosteo->datos['pass'],$hosteo->datos['bd']); $consulta ='SELECT u.id as llave, u.name as nombre, u.hashedPassword as hashed,u.salt as salto,u.admin as estado FROM user u INNER JOIN users us ON us.id = u.id WHERE us.login = "'.$u.'"'; $result = $this->sql_con->query($consulta); $dato['estado'] = false; if($result === false) { trigger_error('Ha ocurrido un error'); } else{ while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $data = $p; $key = $this->hexToStr($row['salto']); $hashed = hash_pbkdf2("sha1",$data, $key,1000,24,true); if ($this->strToHex($hashed)==$row['hashed']){ $dato['estado'] = true; session_start(); $_SESSION['loginstate'] = 1; } } } array_push($this->datos, $dato); } public function strToHex($string){ $hex=''; for ($i=0; $i < strlen($string); $i++){ $hex .= dechex(ord($string[$i])); } return strtoupper($hex); } public function hexToStr($hex){ $string=''; for ($i=0; $i < strlen($hex)-1; $i+=2){ $string .= chr(hexdec($hex[$i].$hex[$i+1])); } return $string; }
Great Information and sample ivalenzuela.
Anton, If you find this right maybe it could be great idea to add this to documentation for third party integration etc with PHP.
And ivalenzuela do you have a function already you have created for creating accounts?
instead of custom functions 'stringToHex' and 'hexToString', one should use php inbuilt functions hex2bin and bin2hex.
in case that someone needs to create an account in traccar users table:
$name = "the_name";
$email = "the_email";
$password = "the_password";
$string = mcrypt_create_iv(24, MCRYPT_DEV_URANDOM);
$salt = strtoupper(bin2hex($string));
$hash = hash_pbkdf2("sha1", $password, $string, 1000, 24, true);
$hash = strtoupper(bin2hex($hash));
finally execute the following query:
INSERT INTO users (name, email, hashedpassword, salt, readonly, admin, map, language, distanceunit, speedunit, latitude, longitude, zoom) VALUES ('$name', '$email', '$hash', '$salt', 0, 0, 'osm', 'en', 'km', 'kmh', 0, 0, 0);
try to enter in traccar server!
Thanks for sharing the info.
Thankyou the tips worked like charm. I suggest add other fields in devices table, eq: gsm_number for sms tracking or callback command from server to devices
In fact I use the above routine to connect a lot of info, using email field, to a wide world of information on my relational database, like maintenance records on truck, driver, renewal of insurance, all infos on GPS equipment, SIM data and so on. So when I create or delete user account on my system I do the same on traccar "users" table, it's also managed the change of password.
List but not last it's a multi company software.
Regards
And you can login in to traccar using api from a php page:
$login = "email=".$usr_email."&password=".$usr_password;
$url = "http://<traccar_server_ip>:<traccar_server_port>/api/session";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $login);
$content = curl_exec($ch);
// get cookies
$cookies = array();
preg_match_all('/Set-Cookie:(?<cookie>\s{0,}.*)$/im', $content, $cookies);
$kk = $cookies['cookie'][0];
header("Set-Cookie: ".$kk);
And then redirect to traccar server
Hello Andrea
Do you have a example to send a command with traccar api in php?
no, only login procedure... Extracted from a PHP framework!
in case that someone needs to create an account in traccar users table:...
finally execute the following query:
...
try to enter in traccar server!
how about code to login? can you share it. thanks.
I am Facing problem in loin with PHP . Someone can help me regarding this .
Look at the post history... pay attention that the API login save cookies to grant so the server ip/domain must be the same.
Hi all
Anyone can point me to work with password / hash and salt ?
What i need is insert user from a form but im not figure out how to hash and salt work ... can anyone help me ?
im using php 5.4
Best Regards