Closed TopicsLP closed 3 years ago
Alanaktion
commented
6 years ago I like the direction of this change using password_hash, but we'll need to support existing bcrypt-based hashes too for people who update their code with existing users. It would probably be best if we detect a bcrypt hash when logging in and replace it with a password_hash-based one.
TopicsLP
commented
6 years ago Great Idea, i will try to implement this into my request.
TopicsLP
commented
6 years ago Hey Alanaktion,
i got time to update the PHP code. I also tested it on my webserver and it worked. Can you please take a look on it if you are fine with my changes.
Oh and i forgot to add comments, i´m sorry for that.
TopicsLP
commented
6 years ago Well i found a problem on the converting from bcrypt to php hash, in my first test it did not appear but after some tests later i got trouble with slashes and php making them to \ / or / \ (without space)
Found a problem in my previous commit by calling the user_modify function, was sending the hash instead of the password.
zefir-git
commented
3 years ago This makes no sense. What if you want to import users using argon2 or one of the thousand other cryptographic hash functions?
TopicsLP
commented
3 years ago I´m thinging it´s time to close this one, i´m will not make additional changes to this.
Because of some issues i´m having (password invalied (its correct (copied from Keepass)) I tought of change password encryption methode to the default one of PHP,
Already testet it on my System seems to work