Jump to:

1030 Posts in 805 Topics by 311 members

Forum Module

SilverStripe Forums » Forum Module » Change password algorithm?

Discuss the Forum Module.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1 2
Go to End
Author Topic: 2722 Views
  • dompie
    Avatar
    Community Member
    88 Posts

    Change password algorithm? Link to this post

    Hello,

    I'm new to the forum module, is it possible to change the password encryption algorithm to md5? I have to import an old forum to silverstripe, where the passwords were stored as md5 hash. Any ideas how to solve this problem, besides of allowing to store md5 passwords in silverstripe?

    Regards

  • Willr
    Avatar
    Forum Moderator
    5482 Posts

    Re: Change password algorithm? Link to this post

    You can set the PasswordEncryption to md5 manually on a member by member basis by setting the 'PasswordEncryption' field in the database for the user. Or when you run your importer set $member->PasswordEncryption = 'md5'; You'll need to test it fully though.

  • dompie
    Avatar
    Community Member
    88 Posts

    Re: Change password algorithm? Link to this post

    Hi Willr, thanks for answering.

    I have used CSV import from the security admin with the recommended file layout (see attachment).
    Moreover I tried with md5 and md5_v2.4 as PasswordEncription string, but could not log in anyway after import (even after deleting salt or changing the hash manually in DB tables). I could only log in after changing the password by hand in the security panel for the imported user.

    You wrote, I should use $member->PasswordEncryption ... by writing a standalone import script?

    Attached Files
  • dompie
    Avatar
    Community Member
    88 Posts

    Re: Change password algorithm? Link to this post

    Awww, I glanced at the onBeforeWrite function of Member class. I suppose SS encrypts the already encrypted password with a randomly generated salt. That's why my login credentials are not working. Is there a way to tell silverstripe "do not encrypt the provided password" ?

    Any advice welcome.

  • Willr
    Avatar
    Forum Moderator
    5482 Posts

    Re: Change password algorithm? Link to this post

    Ah right the salt, should always use a salt as well as a hash . Though could you just set the salt column to be '' which I would do nothing to the string?

  • dompie
    Avatar
    Community Member
    88 Posts

    Re: Change password algorithm? Link to this post

    Well, it turned out that importing md5 hashed passwords and using them right away is not possible in Silverstripe. It either adds unwanted salts, calculates some special base_converts or requires an unhashed password at some point of the process.

    After spotting that it was no problem anymore to write an own PasswordEncryptor, now password import works as intended.

    Thanks for your suggestions!

  • Willr
    Avatar
    Forum Moderator
    5482 Posts

    Re: Change password algorithm? Link to this post

    After spotting that it was no problem anymore to write an own PasswordEncryptor, now password import works as intended.

    It would be great if you could write up a documentation page to explain how to do this as I am sure someone else will run into this issue.

  • beezer
    Avatar
    Community Member
    16 Posts

    Re: Change password algorithm? Link to this post

    Hi dompie,

    I am setting up an API to manage co-registrations from another site. They will send usernames and ready salted md5 passwords, so if you wouldn't mind posting your solution that would be really helpful.

    Cheers

    2722 Views
Page: 1 2
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.