Generate user_salt from user password hash?
Asked Modified Viewed 1,266 times
hippocanjump
hippocanjump 10
- Junior Member, joined since
- Contributed 18 posts on the community forums.
- Started 5 threads in the forums
- Started this discussions
Hi,
Can it be done in PF9? Somewhere during the upgrade PF7.01.xx --> PF7.02.xx --> PF8.00.xx that column 'user_salt' appears in the database.
Background: I have tried numerous ways to upgrade PF7.01.xx to PF7.02.xx with no success, no matter what I do and how I approach it. That of course immediately scratches out an upgrade to PF8 and/or PF9. What I finally did is to go over the database structures of PF7.01 and PF9 and to manually transfer the information with MySQL commands from the PF7 site to a fresh install of PF9 (only a superadmin there as asked during install). End result - all works perfectly (localhost test site) with exception of some of the in-house PF7 infusions of course. Now the problem with the empty 'user_salt' is the only thing that prevents me from launching live the upgrade version of the site.
I have searched the forums and probably the closest to my problem is something like here and here. However, I am not sure I completely get it. I also searched the PF7.02/PF8/PF9 code base to try and figure where and what with regards to that password salting but it is still difficult.
What I would like to have is a PF9-style file.php to which I could navigate directly and generate that 'user_salt' from the existing user password hashes. Asking all users to reset their passwords is not very appealing.
Any thoughts? Thanks in advance.
PS: Couldn't find a more proper subforum, please move this thread is necessary.
Can it be done in PF9? Somewhere during the upgrade PF7.01.xx --> PF7.02.xx --> PF8.00.xx that column 'user_salt' appears in the database.
Background: I have tried numerous ways to upgrade PF7.01.xx to PF7.02.xx with no success, no matter what I do and how I approach it. That of course immediately scratches out an upgrade to PF8 and/or PF9. What I finally did is to go over the database structures of PF7.01 and PF9 and to manually transfer the information with MySQL commands from the PF7 site to a fresh install of PF9 (only a superadmin there as asked during install). End result - all works perfectly (localhost test site) with exception of some of the in-house PF7 infusions of course. Now the problem with the empty 'user_salt' is the only thing that prevents me from launching live the upgrade version of the site.
I have searched the forums and probably the closest to my problem is something like here and here. However, I am not sure I completely get it. I also searched the PF7.02/PF8/PF9 code base to try and figure where and what with regards to that password salting but it is still difficult.
What I would like to have is a PF9-style file.php to which I could navigate directly and generate that 'user_salt' from the existing user password hashes. Asking all users to reset their passwords is not very appealing.
Any thoughts? Thanks in advance.
PS: Couldn't find a more proper subforum, please move this thread is necessary.
Edited by hippocanjump on 20-06-2020 12:07,
douwe_yntema
douwe_yntema 33
- Senior Member, joined since
- Contributed 667 posts on the community forums.
- Started 57 threads in the forums
- Answered 1 question
PF7.1 Uses md5 hasing, in 7.2 you can choose between md5 and sha256. The last one is default.
Unless Pf9 is able to use the old md5 hashing (which I guess it cannot), it is not possible to create the salt.
The hashing is (of course) always non revertible
Unless Pf9 is able to use the old md5 hashing (which I guess it cannot), it is not possible to create the salt.
The hashing is (of course) always non revertible
Wanabo
Wanabo 10
- Senior Member, joined since
- Contributed 598 posts on the community forums.
- Started 94 threads in the forums
Quote
PF7.1 Uses md5 hasing, in 7.2 you can choose between md5 and sha256. The last one is default.
Unless Pf9 is able to use the old md5 hashing (which I guess it cannot), it is not possible to create the salt.
The hashing is (of course) always non revertible
I'm on v8 and I see a lot of md5 hashes in the database tables. Reading the previous posts I would like to know if md5 is supported in v8. If not a warning panel should be shown to these users to use the lost password function to regain access to their account.
douwe_yntema
douwe_yntema 33
- Senior Member, joined since
- Contributed 667 posts on the community forums.
- Started 57 threads in the forums
- Answered 1 question
Based upon my experience:
PF V7 can use SHA256 and MD5.
There is a setting in the settings table "password_algorithm" where you can set the algo for new users
Default is SHA256 (at least for PF7.0.2) Older version I don't remember. Older versions using MD5. Maybe this older versions do not have this setting, but fixed to MD5.
Same setting is available in PF8 and PF9 (9.03.50)
As far as I know, this can setting can not be changed in the admin panel, just enter the value in the DB via PHPMyadmin.
The user table has a field "user_algo" holding the algo for each user. This is for PF7.02.xx, 8 and 9.
So you can used mixed types of algo for every user.
New users are using the value for the algo from the settings table.
PF V7 can use SHA256 and MD5.
There is a setting in the settings table "password_algorithm" where you can set the algo for new users
Default is SHA256 (at least for PF7.0.2) Older version I don't remember. Older versions using MD5. Maybe this older versions do not have this setting, but fixed to MD5.
Same setting is available in PF8 and PF9 (9.03.50)
As far as I know, this can setting can not be changed in the admin panel, just enter the value in the DB via PHPMyadmin.
The user table has a field "user_algo" holding the algo for each user. This is for PF7.02.xx, 8 and 9.
So you can used mixed types of algo for every user.
New users are using the value for the algo from the settings table.
hippocanjump
hippocanjump 10
- Junior Member, joined since
- Contributed 18 posts on the community forums.
- Started 5 threads in the forums
- Started this discussions
Thank you all for the answers.
Going back to my original post, the farthest I have gone with 7.01.06-->7.00.00-->7.02.07 etc... is that - yeah, the site more or less works of course - all users are locked out. Including the super/admins. I could recover the superadmin pass but users will bite the dust.
Am I correct then to assume that at some point, with all that version upgrade, users will be asked in any case to request a new password so that the new hashing can take place? If that is the case then I don't have to go through all that pain and simply stick to what I have already done (my first post). All users will be asked to request a new pass anyway. What does a successful upgrade look like (as I have never succeeded in doing that) - all users retain the old passwords, or are required to ask for new ones?
Thanks in advance.
Going back to my original post, the farthest I have gone with 7.01.06-->7.00.00-->7.02.07 etc... is that - yeah, the site more or less works of course - all users are locked out. Including the super/admins. I could recover the superadmin pass but users will bite the dust.
Am I correct then to assume that at some point, with all that version upgrade, users will be asked in any case to request a new password so that the new hashing can take place? If that is the case then I don't have to go through all that pain and simply stick to what I have already done (my first post). All users will be asked to request a new pass anyway. What does a successful upgrade look like (as I have never succeeded in doing that) - all users retain the old passwords, or are required to ask for new ones?
Thanks in advance.
douwe_yntema
douwe_yntema 33
- Senior Member, joined since
- Contributed 667 posts on the community forums.
- Started 57 threads in the forums
- Answered 1 question
I think nothing happend for the users. They can still use their old passwords. New users wil get new algo, existing users will stay on old algo.
Category Forum
Upgrading issues - 9Labels
None yet
Statistics
- Views 0 views
- Posts 5 posts
- Votes 0 votes
- Topic users 3 members
3 participants
Wanabo 10
- Senior Member, joined since
- Contributed 598 posts on the community forums.
- Started 94 threads in the forums
hippocanjump 10
- Junior Member, joined since
- Contributed 18 posts on the community forums.
- Started 5 threads in the forums
- Started this discussions
douwe_yntema 33
- Senior Member, joined since
- Contributed 667 posts on the community forums.
- Started 57 threads in the forums
- Answered 1 question
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions