Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Migrating a Site to Silverstripe /

What you need to know when migrating your existing site to SilverStripe.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

bugfix: migrating members with hashed but unsalted passwords


Go to End


1938 Views

Avatar
MattB

Community Member, 7 Posts

28 April 2011 at 9:31pm

Hi team,

While migrating users from a foreign system into the Member table, a bug surfaced in the way password hashes are handled.

It seems Security::encrypt_password() doesn't differentiate between:

1. plaintext passwords needing hashing for the first time (`Salt` is NULL)
2. hashed but unsalted passwords (`Salt` is empty string '')

This can be fixed in:
sapphire/security/Security.php#842

by changing:
$salt = ($salt) ? $salt : $e->salt($password);

to:
$salt = isset ($salt) ? $salt : $e->salt($password);

Cheers, Matt