Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Forum Module /

Discuss the Forum Module.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Change password algorithm?

Go to End

11 Posts   5244 Views


Community Member, 244 Posts

10 July 2011 at 9:01pm

Hi there. I've got exactly the same problem - 2000 users from an old site, and a new 'silverstriped' version ready to go - i just can't get the users transferred...

did anyone get any documentation written up on this one?


Community Member, 88 Posts

10 July 2011 at 9:46pm

I solved it the following way:

1) Create Encryptor class like e.g.

class ForumPasswordEncryptor extends PasswordEncryptor{
	public function encrypt($password, $salt = null, $member = null){
		return md5(md5($password).$salt);
	public function salt($password, $member = null){
		return '';

2) Register you class with a unique string in your config.php

PasswordEncryptor::register('md5_forum', 'ForumPasswordEncryptor');

3) Now it's tricky
I would expect to tell a Member (or Security or Group) to use my newly created encryptor for encryption somehow like this:

$salt = 'Put your salt in here';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('PasswordEncryption', 'md5_forum');

However, this did not work. The passwords in database were different from my test results, so I used instead the following code:

// Example 1
$salt = 'Put your salt in here.';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('Password', md5($user['Password'].$salt));
$m->setField('PasswordEncryption', 'none');

This way the password string provided by setField('Password', md5...) was saved exactly the same into database. After this I changed the column holding the encription string in database manually to 'md5_forum' and now I could login into silverstripe with my old password from the other (old) forum.

This have been the steps I remember...hope I didn't forget anything important. Would be nice to hear about your solution. I'd like to know why it didn't work with setting password encryption algorith to 'md5_forum' in my code.


Community Member, 52 Posts

15 November 2014 at 12:37pm

PasswordEncryptor::register is deprecated, and you must use the YML config system for SS 3.1+

Thought I would update this thread for those wanting salt-less passwords -- an evil necessity for seamlessly migrating systems...

Behold -- SodiumFreePasswordEncryptor

 * Sodium Free Password Encryptor -- for importing legacy passwords,
 * register via mysite/_config/encryptors.yml, e.g.

      SodiumFreePasswordEncryptor: md5
      SodiumFreePasswordEncryptor: sha1

 * example usage

$member = new Member();

$member->Email = '';
$member->Password = 'brice';
$member->PasswordEncryption = 'sf_md5';


class SodiumFreePasswordEncryptor extends PasswordEncryptor_PHPHash {

    public function salt($password, $member = null){
        return '';

GIST here:

Go to Top