Closed skid9000 closed 2 years ago
You're welcome!
In the plugin PDO driver settings you could change the update query.
Say something like: UPDATE ... password = REPLACE(password, '$2y$', '$2d$')
https://www.postgresqltutorial.com/postgresql-replace/
Does that solve it for you?
Oh, that could work !
So like this it should be ok for the plugin ?
UPDATE credentials SET password = REPLACE(:newpass, '$2y$', '$2b$') WHERE <condition>
Theoretically: yes
You have to try it.
It works ! Thanks !
As for others finding this issue:
There is no difference between 2a, 2x, 2y, and 2b. PHP just generates 2y. So just do the same as @skid9000 and change the SQL query.
First of all, thanks for this fork, and thanks for the change-password plugin ! I was a long time user of rainloop and just discovered this project and i love it.
Is your feature request related to a problem? Please describe. I use OpenSMTPD as my MDA and MTA, with Postgres implementation, it require bcrypt for password hashs, however, it needs them in the 2b format, it plain dosen't want 2y. The change-password plugin send 2y formated hash to the database.
Describe the solution you'd like It would be nice in the admin panel to have a check box named like "Use OpenBSD bcrypt implementation". As OpenBSD and PHP uses modern bcrypt, we could just change the header of the hash from $2y$ to $2b$ before sending the PDO request.