Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Forum Module

Discuss the Forum Module.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Change password algorithm?


Reply

10 Posts   2846 Views

Avatar
Futureweb

10 July 2011 at 9:01pm Community Member, 233 Posts

Hi there. I've got exactly the same problem - 2000 users from an old site, and a new 'silverstriped' version ready to go - i just can't get the users transferred...

did anyone get any documentation written up on this one?

Avatar
dompie

10 July 2011 at 9:46pm Community Member, 88 Posts

I solved it the following way:

1) Create Encryptor class like e.g.

class ForumPasswordEncryptor extends PasswordEncryptor{
   public function encrypt($password, $salt = null, $member = null){
      return md5(md5($password).$salt);
   }
   public function salt($password, $member = null){
      return '';
   }
}

2) Register you class with a unique string in your config.php

PasswordEncryptor::register('md5_forum', 'ForumPasswordEncryptor');

3) Now it's tricky
I would expect to tell a Member (or Security or Group) to use my newly created encryptor for encryption somehow like this:

// DID NOT WORK
Security::set_password_encryption_algorithm('md5_forum');
$salt = 'Put your salt in here';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('PasswordEncryption', 'md5_forum');

However, this did not work. The passwords in database were different from my test results, so I used instead the following code:

// DID WORK
// Example 1
Security::set_password_encryption_algorithm('none');
$salt = 'Put your salt in here.';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('Password', md5($user['Password'].$salt));
$m->setField('PasswordEncryption', 'none');

This way the password string provided by setField('Password', md5...) was saved exactly the same into database. After this I changed the column holding the encription string in database manually to 'md5_forum' and now I could login into silverstripe with my old password from the other (old) forum.

This have been the steps I remember...hope I didn't forget anything important. Would be nice to hear about your solution. I'd like to know why it didn't work with setting password encryption algorith to 'md5_forum' in my code.