
Change password algorithm?


JonShutt

Community Member, 244 Posts

10 July 2011 at 9:01pm

Hi there. I've got exactly the same problem - 2000 users from an old site, and a new 'silverstriped' version ready to go - I just can't get the users transferred...

Did anyone get any documentation written up on this one?

dompie

Community Member, 88 Posts

10 July 2011 at 9:46pm

I solved it the following way:

1) Create an Encryptor class, e.g.

class ForumPasswordEncryptor extends PasswordEncryptor{
	public function encrypt($password, $salt = null, $member = null){
		return md5(md5($password).$salt);
	}
	public function salt($password, $member = null){
		return '';
	}
}

2) Register your class with a unique string in your config.php

PasswordEncryptor::register('md5_forum', 'ForumPasswordEncryptor');

3) Now it's tricky
I would expect to tell a Member (or Security or Group) to use my newly created encryptor for encryption somehow like this:

// DID NOT WORK
Security::set_password_encryption_algorithm('md5_forum');
$salt = 'Put your salt in here';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('PasswordEncryption', 'md5_forum');

However, this did not work. The passwords in the database were different from my test results, so I used the following code instead:

// DID WORK
// Example 1
Security::set_password_encryption_algorithm('none');
$salt = 'Put your salt in here.';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('Password', md5($user['Password'].$salt));
$m->setField('PasswordEncryption', 'none');

This way the password string provided by setField('Password', md5...) was saved exactly the same into the database. After this I manually changed the column holding the encryption string in the database to 'md5_forum', and now I could log in to SilverStripe with my old password from the other (old) forum.

These are the steps I remember... hope I didn't forget anything important. Would be nice to hear about your solution. I'd like to know why it didn't work with setting the password encryption algorithm to 'md5_forum' in my code.

brice

Community Member, 52 Posts

15 November 2014 at 12:37pm

PasswordEncryptor::register is deprecated, and you must use the YML config system for SS 3.1+

Thought I would update this thread for those wanting salt-less passwords -- an evil necessity for seamlessly migrating systems...

Behold -- SodiumFreePasswordEncryptor

/**
 * Sodium Free Password Encryptor -- for importing legacy passwords,
 * register via mysite/_config/encryptors.yml, e.g.
 **

---
PasswordEncryptor:
  encryptors:
    sf_md5:
      SodiumFreePasswordEncryptor: md5
    sf_sha1:
      SodiumFreePasswordEncryptor: sha1

 * example usage
 **

$member = new Member();

$member->Email = 'brice@brice.com';
$member->Password = 'brice';
$member->PasswordEncryption = 'sf_md5';
$member->write();

 **
 */

class SodiumFreePasswordEncryptor extends PasswordEncryptor_PHPHash {

    public function salt($password, $member = null){
        return '';
    }
}

GIST here: https://gist.github.com/briceburg/0e8e537b368b8aadeb83
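
Added example, not from any post in this thread and not SilverStripe code: stand-alone PHP (7.1+) that verifies the legacy `md5(md5($password).$salt)` hashes described in the first reply and replaces each one with a `password_hash()` value the first time the user logs in successfully. The function names, the `php_default` label and the sample record are assumptions made for the illustration.

```php
<?php
// Added example: stand-alone PHP, no SilverStripe classes involved.
// Function names, the 'php_default' label and the sample record are
// constructed for illustration.

// Legacy scheme from the first reply: md5(md5($password) . $salt).
function legacy_forum_hash(string $password, string $salt): string
{
    return md5(md5($password) . $salt);
}

// Check a login against either scheme and report whether the stored
// hash should be replaced. Returns [bool $ok, ?string $newHash].
function verify_and_upgrade(string $password, array $record): array
{
    if ($record['algo'] === 'md5_forum') {
        $candidate = legacy_forum_hash($password, $record['salt']);
        // hash_equals() compares in constant time.
        if (!hash_equals($record['hash'], $candidate)) {
            return [false, null];
        }
        // Correct password: re-hash with a salted, slow algorithm.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    // Already migrated: password_hash() output carries its own salt and cost.
    if (!password_verify($password, $record['hash'])) {
        return [false, null];
    }
    $new = password_needs_rehash($record['hash'], PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample record, as it would look right after the import.
$record = ['algo' => 'md5_forum', 'salt' => '',
           'hash' => legacy_forum_hash('correct horse', '')];

[$ok, $newHash] = verify_and_upgrade('correct horse', $record);
if ($ok && $newHash !== null) {
    // Persist the upgraded hash; the legacy MD5 value is discarded.
    $record = ['algo' => 'php_default', 'salt' => '', 'hash' => $newHash];
}

var_dump($ok, $record['algo']);
var_dump(verify_and_upgrade('correct horse', $record)[0]);
var_dump(verify_and_upgrade('wrong guess', $record)[0]);
```

Accounts that never log in again keep their MD5 hash, so the legacy branch can only be retired once those records are expired or forced through a password reset.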
