I am trying out Phpass for the 1st time on a live site. I enabled the module and set the Password Hash Method to 'Secure' in user settings. I thought this would cause conversion of existing md5 passwords on returning user logins (based on _phpass_user_authenticate()) and new user registrations. But I still see md5 passwords in the users database. Have I missed any steps in configuring the Phpass module? I do have the PasswordHash.php in sites/all/modules/phpass/

Thanks.

Comments

tlaurent’s picture

It looks like the maintainers of this project went AWOL, but I might be able to help if you haven't already find the solution by yourself or given up all together...
I just installed the module, and I was puzzled by that as well (the documentation is pretty slim...).
But, I found out that the new password based on the new encryption method is only generated when a user first log in. In that case, his password in the "users" table become the string "phpass" and the new password is then stored in the "user_phpass" table with a reference to it's user ID.

pwolanin’s picture

Status: Active » Fixed

I am working on a 6.x-2.x branch that changes all passwords when the module is enabled. I plan to release that soon and mark the 6.x-1.x as unsupported.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.