939 Posts in 271 Topics by 291 members
Forum Module
SilverStripe Forums » Forum Module » Change password algorithm?
Discuss the Forum Module.
Moderators: martimiz, Howard, Sean, Ryan M., biapar, Willr, Ingo, swaiba, simon_w
| Go to End | Next > | |
| Author | Topic: | 2028 Views |
-
Change password algorithm?
24 February 2011 at 1:37am Last edited: 24 February 2011 1:38am
Hello,
I'm new to the forum module, is it possible to change the password encryption algorithm to md5? I have to import an old forum to silverstripe, where the passwords were stored as md5 hash. Any ideas how to solve this problem, besides of allowing to store md5 passwords in silverstripe?
Regards
-
Re: Change password algorithm?
24 February 2011 at 8:36pm
You can set the PasswordEncryption to md5 manually on a member by member basis by setting the 'PasswordEncryption' field in the database for the user. Or when you run your importer set $member->PasswordEncryption = 'md5'; You'll need to test it fully though.
-
Re: Change password algorithm?
25 February 2011 at 3:24am
Hi Willr, thanks for answering.
I have used CSV import from the security admin with the recommended file layout (see attachment).
Moreover I tried with md5 and md5_v2.4 as PasswordEncription string, but could not log in anyway after import (even after deleting salt or changing the hash manually in DB tables). I could only log in after changing the password by hand in the security panel for the imported user.You wrote, I should use $member->PasswordEncryption ... by writing a standalone import script?
Attached Files-
forumusers.csv
648 bytes
-
-
Re: Change password algorithm?
25 February 2011 at 5:29am
Awww, I glanced at the onBeforeWrite function of Member class. I suppose SS encrypts the already encrypted password with a randomly generated salt. That's why my login credentials are not working. Is there a way to tell silverstripe "do not encrypt the provided password" ?
Any advice welcome.
-
Re: Change password algorithm?
25 February 2011 at 12:31pm
Ah right the salt, should always use a salt as well as a hash
. Though could you just set the salt column to be '' which I would do nothing to the string? -
Re: Change password algorithm?
25 February 2011 at 11:36pm
Well, it turned out that importing md5 hashed passwords and using them right away is not possible in Silverstripe. It either adds unwanted salts, calculates some special base_converts or requires an unhashed password at some point of the process.
After spotting that it was no problem anymore to write an own PasswordEncryptor, now password import works as intended.
Thanks for your suggestions!
-
Re: Change password algorithm?
26 February 2011 at 12:17pm
After spotting that it was no problem anymore to write an own PasswordEncryptor, now password import works as intended.
It would be great if you could write up a documentation page to explain how to do this as I am sure someone else will run into this issue.
-
Re: Change password algorithm?
17 June 2011 at 3:20am
Hi dompie,
I am setting up an API to manage co-registrations from another site. They will send usernames and ready salted md5 passwords, so if you wouldn't mind posting your solution that would be really helpful.
Cheers
| 2028 Views | ||
| Go to Top | Next > |
