Jump to:

324 Posts in 153 Topics by 156 members

Migrating a Site to Silverstripe

SilverStripe Forums » Migrating a Site to Silverstripe » bugfix: migrating members with hashed but unsalted passwords

What you need to know when migrating your existing site to SilverStripe.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 883 Views
  • MattB
    Avatar
    Community Member
    7 Posts

    bugfix: migrating members with hashed but unsalted passwords Link to this post

    Hi team,

    While migrating users from a foreign system into the Member table, a bug surfaced in the way password hashes are handled.

    It seems Security::encrypt_password() doesn't differentiate between:

    1. plaintext passwords needing hashing for the first time (`Salt` is NULL)
    2. hashed but unsalted passwords (`Salt` is empty string '')

    This can be fixed in:
    sapphire/security/Security.php#842

    by changing:
    $salt = ($salt) ? $salt : $e->salt($password);

    to:
    $salt = isset ($salt) ? $salt : $e->salt($password);

    Cheers, Matt

    883 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.