We use interaction design & strategy to build awesome websites.

PHP Authentication of ExpressionEngine Users

In a recent project we were working on, we had the need for an external application to verify an account's credentials stored in an ExpressionEngine database. 

Normally, when approaching this type of problem we would take the username and password of the authenticating user, hash the password, and compare it against the database. Due to the sparse documentation on how the ExpressionEngine password hashing functionality works, and becuase the possible methods used to hash a password can vary (md5 or sha1, salt or no salt, etc.) between different member accounts (for example, after running a member import), we felt it wise not to manually hash the passwords.

Thankfully, after a...

Read full article