Posted by ilakshmir on February 10, 2010 at 4:49pm
4 followers
Jump to:
| Project: | Secure Password Hashes |
| Version: | 6.x-1.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
I am trying out Phpass for the 1st time on a live site. I enabled the module and set the Password Hash Method to 'Secure' in user settings. I thought this would cause conversion of existing md5 passwords on returning user logins (based on _phpass_user_authenticate()) and new user registrations. But I still see md5 passwords in the users database. Have I missed any steps in configuring the Phpass module? I do have the PasswordHash.php in sites/all/modules/phpass/
Thanks.
Comments
#1
It looks like the maintainers of this project went AWOL, but I might be able to help if you haven't already find the solution by yourself or given up all together...
I just installed the module, and I was puzzled by that as well (the documentation is pretty slim...).
But, I found out that the new password based on the new encryption method is only generated when a user first log in. In that case, his password in the "users" table become the string "phpass" and the new password is then stored in the "user_phpass" table with a reference to it's user ID.
#2
I am working on a 6.x-2.x branch that changes all passwords when the module is enabled. I plan to release that soon and mark the 6.x-1.x as unsupported.
#3
Automatically closed -- issue fixed for 2 weeks with no activity.