
Generate user_salt from user password hash?

Hi,

Can it be done in PF9? Somewhere during the upgrade PF7.01.xx --> PF7.02.xx --> PF8.00.xx that column 'user_salt' appears in the database.

Background: I have tried numerous ways to upgrade PF7.01.xx to PF7.02.xx with no success, no matter what I do and how I approach it. That of course immediately scratches out an upgrade to PF8 and/or PF9. What I finally did is to go over the database structures of PF7.01 and PF9 and to manually transfer the information with MySQL commands from the PF7 site to a fresh install of PF9 (only a superadmin there as asked during install). End result - all works perfectly (localhost test site) with exception of some of the in-house PF7 infusions of course. Now the problem with the empty 'user_salt' is the only thing that prevents me from launching live the upgrade version of the site.

I have searched the forums and probably the closest to my problem is something like here and here. However, I am not sure I completely get it. I also searched the PF7.02/PF8/PF9 code base to try and figure where and what with regards to that password salting but it is still difficult.

What I would like to have is a PF9-style file.php to which I could navigate directly and generate that 'user_salt' from the existing user password hashes. Asking all users to reset their passwords is not very appealing.

Any thoughts? Thanks in advance.

PS: Couldn't find a more proper subforum, please move this thread if necessary.
PF7.1 uses md5 hashing, in 7.2 you can choose between md5 and sha256. The last one is default.
Unless PF9 is able to use the old md5 hashing (which I guess it cannot), it is not possible to create the salt.

The hashing is (of course) always non-revertible.

Quote

PF7.1 uses md5 hashing, in 7.2 you can choose between md5 and sha256. The last one is default.
Unless PF9 is able to use the old md5 hashing (which I guess it cannot), it is not possible to create the salt.

The hashing is (of course) always non-revertible.

I'm on v8 and I see a lot of md5 hashes in the database tables. Reading the previous posts I would like to know if md5 is supported in v8. If not a warning panel should be shown to these users to use the lost password function to regain access to their account.
Based upon my experience:

PF V7 can use SHA256 and MD5.
There is a setting in the settings table "password_algorithm" where you can set the algo for new users
Default is SHA256 (at least for PF7.0.2). Older versions I don't remember. Older versions use MD5. Maybe these older versions do not have this setting, but are fixed to MD5.

Same setting is available in PF8 and PF9 (9.03.50)
As far as I know, this setting cannot be changed in the admin panel, just enter the value in the DB via phpMyAdmin.

The user table has a field "user_algo" holding the algo for each user. This is for PF7.02.xx, 8 and 9.
So you can use mixed types of algo for every user.
New users are using the value for the algo from the settings table.
Thank you all for the answers.
Going back to my original post, the farthest I have gone with 7.01.06-->7.00.00-->7.02.07 etc... is that - yeah, the site more or less works of course - all users are locked out. Including the super/admins. I could recover the superadmin pass but users will bite the dust.
Am I correct then to assume that at some point, with all that version upgrade, users will be asked in any case to request a new password so that the new hashing can take place? If that is the case then I don't have to go through all that pain and simply stick to what I have already done (my first post). All users will be asked to request a new pass anyway. What does a successful upgrade look like (as I have never succeeded in doing that) - all users retain the old passwords, or are required to ask for new ones?
Thanks in advance.
I think nothing happened for the users. They can still use their old passwords. New users will get the new algo, existing users will stay on the old algo.
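
A per-user `user_algo` field like the one described in this thread lets a login routine check a legacy account with its old algorithm and, because the plaintext password is available at that moment, store a fresh salt and salted hash without a password reset. The sketch below is an added example, not PHP-Fusion code and not from any poster; it assumes legacy rows hold an unsalted md5 hex digest with an empty `user_salt`, that upgraded rows hold `hash_hmac('sha256', password, user_salt)`, and that the hash column is named `user_password` (a hypothetical name, as are both function names).

```php
<?php
// Added example, not PHP-Fusion code. Assumed schemes: legacy rows store an
// unsalted md5 hex digest with an empty user_salt; upgraded rows store
// hash_hmac('sha256', password, user_salt). 'user_password' is an assumed name.

function compute_hash(string $algo, string $password, string $salt): string
{
    if ($algo === 'md5' && $salt === '') {
        return md5($password);                        // legacy, unsalted
    }
    if ($algo === 'sha256' && $salt !== '') {
        return hash_hmac('sha256', $password, $salt); // salted
    }
    throw new InvalidArgumentException('unsupported algo/salt combination');
}

// Returns [bool $ok, ?array $upgrade]. $upgrade holds the new column values
// to UPDATE when a legacy row verified successfully, otherwise null.
function verify_and_upgrade(array $row, string $password): array
{
    try {
        $candidate = compute_hash((string)$row['user_algo'], $password, (string)$row['user_salt']);
    } catch (InvalidArgumentException $e) {
        return [false, null];                         // unknown scheme: reject
    }
    if (!hash_equals((string)$row['user_password'], $candidate)) {
        return [false, null];                         // constant-time compare failed
    }
    if ($row['user_algo'] !== 'md5') {
        return [true, null];                          // already on the salted scheme
    }
    $salt = bin2hex(random_bytes(16));                // new random salt, never derived from the old hash
    return [true, [
        'user_algo'     => 'sha256',
        'user_salt'     => $salt,
        'user_password' => hash_hmac('sha256', $password, $salt),
    ]];
}

// Constructed sample row: a migrated legacy account with an empty salt.
$row = ['user_algo' => 'md5', 'user_salt' => '', 'user_password' => md5('correct horse')];
[$ok, $upgrade] = verify_and_upgrade($row, 'correct horse');
var_dump($ok, $upgrade['user_algo'], strlen($upgrade['user_salt']));
$ok2 = verify_and_upgrade($row, 'wrong guess')[0];
var_dump($ok2);
```

Accounts that never log in again keep their unsalted md5 digest, so a cut-off date after which remaining legacy rows must use the lost-password function still has to be decided separately.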
Users who participated in discussion: Wanabo, hippocanjump, douwe_yntema