I'm new to the forum module, is it possible to change the password encryption algorithm to md5? I have to import an old forum to silverstripe, where the passwords were stored as md5 hash. Any ideas how to solve this problem, besides of allowing to store md5 passwords in silverstripe?
You can set the PasswordEncryption to md5 manually on a member by member basis by setting the 'PasswordEncryption' field in the database for the user. Or when you run your importer set $member->PasswordEncryption = 'md5'; You'll need to test it fully though.
I have used CSV import from the security admin with the recommended file layout (see attachment).
Moreover I tried with md5 and md5_v2.4 as PasswordEncription string, but could not log in anyway after import (even after deleting salt or changing the hash manually in DB tables). I could only log in after changing the password by hand in the security panel for the imported user.
You wrote, I should use $member->PasswordEncryption ... by writing a standalone import script?
Awww, I glanced at the onBeforeWrite function of Member class. I suppose SS encrypts the already encrypted password with a randomly generated salt. That's why my login credentials are not working. Is there a way to tell silverstripe "do not encrypt the provided password" ?
Well, it turned out that importing md5 hashed passwords and using them right away is not possible in Silverstripe. It either adds unwanted salts, calculates some special base_converts or requires an unhashed password at some point of the process.
After spotting that it was no problem anymore to write an own PasswordEncryptor, now password import works as intended.
I am setting up an API to manage co-registrations from another site. They will send usernames and ready salted md5 passwords, so if you wouldn't mind posting your solution that would be really helpful.