Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Migrating a Site to Silverstripe /

What you need to know when migrating your existing site to SilverStripe.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

bugfix: migrating members with hashed but unsalted passwords


Reply


965 Views

Avatar
MattB

Community Member, 7 Posts

28 April 2011 at 9:31pm

Hi team,

While migrating users from a foreign system into the Member table, a bug surfaced in the way password hashes are handled.

It seems Security::encrypt_password() doesn't differentiate between:

1. plaintext passwords needing hashing for the first time (`Salt` is NULL)
2. hashed but unsalted passwords (`Salt` is empty string '')

This can be fixed in:
sapphire/security/Security.php#842

by changing:
$salt = ($salt) ? $salt : $e->salt($password);

to:
$salt = isset ($salt) ? $salt : $e->salt($password);

Cheers, Matt