This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
Hello,
I'm new to the forum module, is it possible to change the password encryption algorithm to md5? I have to import an old forum to silverstripe, where the passwords were stored as md5 hash. Any ideas how to solve this problem, besides of allowing to store md5 passwords in silverstripe?
Regards
You can set the PasswordEncryption to md5 manually on a member by member basis by setting the 'PasswordEncryption' field in the database for the user. Or when you run your importer set $member->PasswordEncryption = 'md5'; You'll need to test it fully though.
Hi Willr, thanks for answering.
I have used CSV import from the security admin with the recommended file layout (see attachment).
Moreover I tried with md5 and md5_v2.4 as PasswordEncription string, but could not log in anyway after import (even after deleting salt or changing the hash manually in DB tables). I could only log in after changing the password by hand in the security panel for the imported user.
You wrote, I should use $member->PasswordEncryption ... by writing a standalone import script?
forumusers.csv
Awww, I glanced at the onBeforeWrite function of Member class. I suppose SS encrypts the already encrypted password with a randomly generated salt. That's why my login credentials are not working. Is there a way to tell silverstripe "do not encrypt the provided password" ?
Any advice welcome.
Ah right the salt, should always use a salt as well as a hash :). Though could you just set the salt column to be '' which I would do nothing to the string?
Well, it turned out that importing md5 hashed passwords and using them right away is not possible in Silverstripe. It either adds unwanted salts, calculates some special base_converts or requires an unhashed password at some point of the process.
After spotting that it was no problem anymore to write an own PasswordEncryptor, now password import works as intended.
Thanks for your suggestions! :)
After spotting that it was no problem anymore to write an own PasswordEncryptor, now password import works as intended.
It would be great if you could write up a documentation page to explain how to do this as I am sure someone else will run into this issue.
Hi dompie,
I am setting up an API to manage co-registrations from another site. They will send usernames and ready salted md5 passwords, so if you wouldn't mind posting your solution that would be really helpful.
Cheers
