User information encryption

Hello,

I have to migrate several websites (5.4, 5.5, 5.6) to the new 5.7 version. On some websites I have more than 600 users.

Is there a possibility to migrate users directly through the MySQL table?

I don't need group or attributes but only username, email and password.
Is the password encrypted in a different way depending on the version?

Thanks for your help

appliculture
 
JohntheFish replied:
Passwords are encrypted differently. You may be able to hack an SQL table of users into 5.7 in a way where they can subsequently go through a lost password process.
mesuva replied:
I'm pretty sure that in 5.7 there is code to handle legacy password hashing.
Have a look around line 145 of Concrete\Core\User.

For it to work, it appears that you need to set the concrete.user.password.legacy_salt config value with the old salt. But it appears that this scenario has been considered.
simonchilton replied (Best Answer):
Thanks @mesuva for the tip!

For a migration from 5.6 to 8.5 I was able to transfer users with MySQL:

1. Export Users table from 5.6
2. Import to 8.5 Users table
3. Copy the 5.6 PASSWORD_SALT from /config/site.php
4. Paste this to 8.5 install, line 920 of /concrete/config/concrete.php, 'legacy_salt'
5. [EDIT] had to run MySQL query UPDATE `Users` SET `uLastIP` = '' WHERE 1; to fix error when viewing imported users in dashboard

Old users can now log in using their 5.6 password. On first login, their password in the Users table is updated to use 8.5 hashing.

Only issue I can see is that the 'legacy_salt' will be overwritten when concrete5 is updated, so we asked all of our users to log in asap to force their password hashes to be updated. You can probably get around this with an override in /application/config but I didn't test this.

Great work by the core team supporting legacy password hashing!
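
The login-time upgrade described in the answer above, as an added sketch that is not part of the thread and not concrete5's own code. It assumes the legacy scheme is md5(password . ':' . salt), uses PHP's password_hash() as a stand-in for the newer hasher, and uses a constructed salt and constructed user rows; the last lines list the accounts that still depend on 'legacy_salt'.

```php
<?php
// Added illustration, not concrete5 source. Assumptions: the legacy scheme is
// md5(password . ':' . salt); password_hash() stands in for the newer hasher.

const LEGACY_SALT = 'constructed-example-salt'; // placeholder for the 5.6 PASSWORD_SALT

function isLegacyHash(string $stored): bool
{
    // A legacy MD5 digest is exactly 32 lowercase hex characters;
    // hashes from password_hash() start with '$' and never match.
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

function verifyAndUpgrade(array &$user, string $password): bool
{
    if (isLegacyHash($user['uPassword'])) {
        $candidate = md5($password . ':' . LEGACY_SALT);
        // Constant-time comparison of the stored and recomputed digests.
        if (!hash_equals($user['uPassword'], $candidate)) {
            return false;
        }
        // Correct password: replace the legacy digest while the plaintext
        // is available, so this row no longer needs the legacy salt.
        $user['uPassword'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    return password_verify($password, $user['uPassword']);
}

// Constructed sample rows, shaped like an imported Users table.
$users = [
    ['uName' => 'alice', 'uPassword' => md5('correct horse' . ':' . LEGACY_SALT)],
    ['uName' => 'bob',   'uPassword' => md5('hunter2' . ':' . LEGACY_SALT)],
];

var_dump(verifyAndUpgrade($users[0], 'wrong guess'));   // rejected, row unchanged
var_dump(verifyAndUpgrade($users[0], 'correct horse')); // accepted via legacy path, row upgraded
var_dump(verifyAndUpgrade($users[0], 'correct horse')); // accepted via the new hash

// Accounts that have not logged in since the import still hold legacy digests
// and would be locked out if the legacy salt were lost.
$pending = array_filter($users, fn($u) => isLegacyHash($u['uPassword']));
echo 'Still on legacy hashes: ', implode(', ', array_column($pending, 'uName')), PHP_EOL;
```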