Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Forum Module /

Discuss the Forum Module.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba

Change password algorithm?


Go to End
Reply


11 Posts   3599 Views

Avatar
Futureweb

Community Member, 240 Posts

10 July 2011 at 9:01pm

Hi there. I've got exactly the same problem - 2000 users from an old site, and a new 'silverstriped' version ready to go - i just can't get the users transferred...

did anyone get any documentation written up on this one?

Avatar
dompie

Community Member, 88 Posts

10 July 2011 at 9:46pm

I solved it the following way:

1) Create Encryptor class like e.g.

class ForumPasswordEncryptor extends PasswordEncryptor{
	public function encrypt($password, $salt = null, $member = null){
		return md5(md5($password).$salt);
	}
	public function salt($password, $member = null){
		return '';
	}
}

2) Register you class with a unique string in your config.php

PasswordEncryptor::register('md5_forum', 'ForumPasswordEncryptor');

3) Now it's tricky
I would expect to tell a Member (or Security or Group) to use my newly created encryptor for encryption somehow like this:

// DID NOT WORK
Security::set_password_encryption_algorithm('md5_forum');
$salt = 'Put your salt in here';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('PasswordEncryption', 'md5_forum');

However, this did not work. The passwords in database were different from my test results, so I used instead the following code:

// DID WORK
// Example 1
Security::set_password_encryption_algorithm('none');
$salt = 'Put your salt in here.';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('Password', md5($user['Password'].$salt));
$m->setField('PasswordEncryption', 'none');

This way the password string provided by setField('Password', md5...) was saved exactly the same into database. After this I changed the column holding the encription string in database manually to 'md5_forum' and now I could login into silverstripe with my old password from the other (old) forum.

This have been the steps I remember...hope I didn't forget anything important. Would be nice to hear about your solution. I'd like to know why it didn't work with setting password encryption algorith to 'md5_forum' in my code.

Avatar
brice

Community Member, 52 Posts

15 November 2014 at 12:37pm

PasswordEncryptor::register is deprecated, and you must use the YML config system for SS 3.1+

Thought I would update this thread for those wanting salt-less passwords -- an evil necessity for seamlessly migrating systems...

Behold -- SodiumFreePasswordEncryptor

/**
 * Sodium Free Password Encryptor -- for importing legacy passwords,
 * register via mysite/_config/encryptors.yml, e.g.
 **

---
PasswordEncryptor:
  encryptors:
    sf_md5:
      SodiumFreePasswordEncryptor: md5
    sf_sha1:
      SodiumFreePasswordEncryptor: sha1

 * example usage
 **

$member = new Member();

$member->Email = 'brice@brice.com';
$member->Password = 'brice';
$member->PasswordEncryption = 'sf_md5';
$member->write();

 **
 */

class SodiumFreePasswordEncryptor extends PasswordEncryptor_PHPHash {

    public function salt($password, $member = null){
        return '';
    }
}

GIST here: https://gist.github.com/briceburg/0e8e537b368b8aadeb83

Go to Top