Tuesday, July 8, 2014

How is the PowerSchool admin login form processed?

Understanding how PowerSchool works is very important if you're working as a developer at a school that uses PowerSchool as its Student Information System. PowerSchool is a big web application with many components working together. Mastering all of them takes a huge amount of time, so to get started, I will go through the admin login process of PowerSchool.

1. The first time you access the admin login page (http://mydomain.com/admin/pw.html), PowerSchool gives you a random token in the hidden pstoken input field of the LoginForm:

<input type="hidden" name="pstoken" value="20233460462xtw69pPuoIBNJ1RyLBnKsfuykVNlJzd">

2. The admin user types the username and password into the form (in the form <username;password>) and presses the submit button.


3. Before the form data is sent to the PowerSchool server, the password is hashed with base64 MD5, and that result is then hashed again (HMAC-MD5) with the token provided in step (1).

If the user is an LDAP user, the ldappassword field will contain the entered password without hashing:

/admin/javascript/md5.js

function doAdminLogin(form)
{
    //deleteCookie("psaid");
    var pw = form.password.value;       // the field holds "username;password"
    var i = pw.indexOf(";");
    if (i < 0) {
        // No separator: treat the whole input as the username, send no password
        form.username.value = pw;
        form.password.value = "";
    }
    else {
        form.username.value = pw.substring(0,i);
        pw = pw.substring(i+1);         // Get the password
        var pw2 = pw;                   // keep the clear text for the LDAP case
        pw = b64_md5(pw);               // base64(MD5(password))
        form.password.value = hex_hmac_md5(pskey, pw);  // HMAC-MD5 keyed with the page token
        if (form.ldappassword!=null) {
            // LDAP is enabled, so send the clear-text password
            // Customers should have SSL enabled if they are using LDAP
            form.ldappassword.value = pw2;  // Send the pw for LDAP
        }
    }
    return true;
}


So now you can use a curl library to emulate the admin login to PowerSchool.