As mentioned we are interested to be partron/sponsors of PHPFusion when you will launch your Patreon account.
We have two main customers that runs on PHPFusion V6-V7-V8, as well as there are thousands of plugins there.
And security is #1 thing.
So you don't want to ruin your online security reputation in 1 day.
If you don't have time, can I and our CTO Marius do a pull request to your Fusion V8 repository - we already created this feature.
It check password hash length in LOGIN time, and if the password is old md5/sha1, and PHP version is 7.1 or above, it updates the DB hash to SHA3.
The only thing you need to do in your database is just update max-length of user_pass field, to fit sha3 hash. No other features are required.
And then in core replace the md5 with SHA3. That's it.
0 replies