Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Forum Module /

Discuss the Forum Module.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Change password algorithm?


Go to End
Reply


11 Posts   3036 Views

Avatar
Futureweb

Community Member, 233 Posts

10 July 2011 at 9:01pm

Hi there. I've got exactly the same problem - 2000 users from an old site, and a new 'silverstriped' version ready to go - i just can't get the users transferred...

did anyone get any documentation written up on this one?

Avatar
dompie

Community Member, 88 Posts

10 July 2011 at 9:46pm

I solved it the following way:

1) Create Encryptor class like e.g.

class ForumPasswordEncryptor extends PasswordEncryptor{
   public function encrypt($password, $salt = null, $member = null){
      return md5(md5($password).$salt);
   }
   public function salt($password, $member = null){
      return '';
   }
}

2) Register you class with a unique string in your config.php

PasswordEncryptor::register('md5_forum', 'ForumPasswordEncryptor');

3) Now it's tricky
I would expect to tell a Member (or Security or Group) to use my newly created encryptor for encryption somehow like this:

// DID NOT WORK
Security::set_password_encryption_algorithm('md5_forum');
$salt = 'Put your salt in here';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('PasswordEncryption', 'md5_forum');

However, this did not work. The passwords in database were different from my test results, so I used instead the following code:

// DID WORK
// Example 1
Security::set_password_encryption_algorithm('none');
$salt = 'Put your salt in here.';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('Password', md5($user['Password'].$salt));
$m->setField('PasswordEncryption', 'none');

This way the password string provided by setField('Password', md5...) was saved exactly the same into database. After this I changed the column holding the encription string in database manually to 'md5_forum' and now I could login into silverstripe with my old password from the other (old) forum.

This have been the steps I remember...hope I didn't forget anything important. Would be nice to hear about your solution. I'd like to know why it didn't work with setting password encryption algorith to 'md5_forum' in my code.

Avatar
brice

Community Member, 52 Posts

15 November 2014 at 12:37pm

PasswordEncryptor::register is deprecated, and you must use the YML config system for SS 3.1+

Thought I would update this thread for those wanting salt-less passwords -- an evil necessity for seamlessly migrating systems...

Behold -- SodiumFreePasswordEncryptor

/**
* Sodium Free Password Encryptor -- for importing legacy passwords,
* register via mysite/_config/encryptors.yml, e.g.
**

---
PasswordEncryptor:
encryptors:
sf_md5:
SodiumFreePasswordEncryptor: md5
sf_sha1:
SodiumFreePasswordEncryptor: sha1

* example usage
**

$member = new Member();

$member->Email = 'brice@brice.com';
$member->Password = 'brice';
$member->PasswordEncryption = 'sf_md5';
$member->write();

**
*/

class SodiumFreePasswordEncryptor extends PasswordEncryptor_PHPHash {

public function salt($password, $member = null){
return '';
}
}

GIST here: [url]https://gist.github.com/briceburg/0e8e537b368b8aadeb83[/url]

Go to Top