Jump to:

310 Posts in 82 Topics by 148 members

Migrating a Site to Silverstripe

SilverStripe Forums » Migrating a Site to Silverstripe » bugfix: migrating members with hashed but unsalted passwords

What you need to know when migrating your existing site to SilverStripe.

Moderators: martimiz, Howard, Sean, Ryan M., biapar, Willr, Ingo, swaiba, simon_w

Page: 1	Go to End
Author	Topic:	742 Views

MattB

Community Member
7 Posts

bugfix: migrating members with hashed but unsalted passwords

28 April 2011 at 9:31pm

Hi team,
While migrating users from a foreign system into the Member table, a bug surfaced in the way password hashes are handled.
It seems Security::encrypt_password() doesn't differentiate between:
1. plaintext passwords needing hashing for the first time (`Salt` is NULL)
2. hashed but unsalted passwords (`Salt` is empty string '')
This can be fixed in:
sapphire/security/Security.php#842
by changing:
$salt = ($salt) ? $salt : $e->salt($password);
to:
$salt = isset ($salt) ? $salt : $e->salt($password);
Cheers, Matt

		742 Views
Page: 1	Go to Top

On to “The news!” - News via the ModelAdmin

Simon 'Sphere' Erkelens is a freelance developer, fulltime employee of We::Code in the Netherlands with a tertiary background in applied physics. Before that, Simon worked for Squal Media. He started using SilverStripe at the end of 2009. Simon has given multiple presentations on implementing...

Read on

Follow @SilverStripe

Quick links

Ask questions in our Forums

Learn all about our CMS

Download SilverStripe

Try SilverStripe yourself in our online demo

Get inspired. See our Community Showcase

Learn all about the SilverStripe Framework

See all the free support options we offer

Stay up to date with our SilverStripe Newsletter

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.

Privacy Policy