• Hi there,

    I was wondering if you are able to help me make the changes necessary to accept the password format for another platform (OpenCart). I’m wanting to migrate to WordPress. Their password authentication is as follows:

    password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "')))))

    More than happy to make a donation. Please let me know if it’s too difficult to do with your plugin – it seems to me like it has all the functionality, I just need to potentially adjust how it processes sha1 with salt, but I could be drastically mistaken.

    Your help would be greatly appreciated.

    Regards,
    Kyle

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author tbenyon

    (@tbenyon)

    Hey Kyle,

    Apologies for the delayed response.

    You’ve used the word migrate which gives me the impression that the old service will be killed off in replacement for WordPress.

    The plugin as it stands is designed for when you’ve got another live service running that handles forgotten passwords and changes to details.

    If this is not what you need however we could look at an alternative.

    One thing that jumps out at me is that the password hashing method is not ideal in the system you’re currently using for at least one reason I specify in the ‘Security Notes’ for the plugin (speed of hashing algorithm).

    For this reason the solution we look at to solve your problem may benefit from converting old user passwords into the way WordPress handles it by default.

    Can you confirm that you are looking to kill off the old system and then we can start to discuss what you are looking for.

    I could publish another plugin with a lot of the same logic but looking at user migration for you. I think it would be confusing to do what you want in the current plugin for other users.

    Thanks,

    Tom

    Thread Starter crashtestkyle

    (@crashtestkyle)

    Hey Tom,

    No need to apologise at all.

    That is correct. I’m hoping to migrate from one platform to WordPress.

    I see what you’re saying. For some reason I thought it was converting users to WordPress format once they had logged in. I certainly agree, after reading a lot of info about passwords and hashing, it’s become clear a lot of the methods are less than ideal.

    You have it correct, I want to completely move away from the old system.

    Thread Starter crashtestkyle

    (@crashtestkyle)

    Hey Tom,

    Just thought I would follow up on this and see if you were able to/interested in helping me out with the above?

    Thanks,
    Kyle

    Plugin Author tbenyon

    (@tbenyon)

    Hey Kyle,

    Sorry for the delay.

    My first thought is, have you searched for User Migration plugins? I haven’t but there may already be something out there that does exactly what you want.

    If not . . .

    You’re right that the users are getting converted to the WordPress users after they login.

    I don’t know where your current DB is but you could leave it where it is, or move it to the same place as the WordPress DB one so you don’t have to have two servers running. You may already have it on the same server?

    This way I guess using the plugin would mostly do what you’re looking for as it stands.

    The plugin I’ve written was based on the external system and database being the master record and handling the resetting of passwords and creating accounts.

    The benefits of what’s already in my plugin:
    – A new user would get created from the old system at first login
    – This user would have a new safer password hash created

    The issues to solve would be:

    1) We would have to reserve any usernames already used in the external database to ensure that a new user doesn’t take it before an old user has been migrated

    2) We would need to make the new DB be the preference so if a user already exists with that username we log them in, with WP. If not we check the external DB and see if they exist there and create them.

    3) I’ve had someone before who had a very custom hashing method like yours and I suggested I didn’t want to add it to the plugin as it was going to bloat it with a custom solution that no one else would use. I’ve now had a thought seeing yours that I could allow users to create a function (with a name I define in the instructions) that would exist in your functions.php file that would take in the password and salt and you could put the code you’ve specified above in it for your custom case.

    Does this all make sense? Do you have any thoughts? Have I missed anything?

    Thread Starter crashtestkyle

    (@crashtestkyle)

    Hey Tom,

    I have tried having a look. Many of the results are migration services rather than doing it yourself, with the reviews for such services being less than favourable.

    One thought that had occurred to me, was importing the external database into WordPress users, leaving the password blank and using the email address as the username. That way you’re reserving all relevant email addresses. That way all that really needs to be done is to convert the relevant password into a WordPress format.

    Would that work?

    Thanks for all of your help!
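
The migrate-on-first-login approach discussed in the replies above, as an added example that is not part of the original thread or the plugin's code: it checks a password against the salted triple-SHA1 format from the first post and, on success, replaces the stored value with a slow modern hash. The function names and the user-record layout are hypothetical, and plain PHP's `password_hash()` stands in for WordPress's own password storage.

```php
<?php
// Added example: function names and the record layout are hypothetical.

// Legacy scheme from the thread: SHA1(salt . SHA1(salt . SHA1(password))).
// MySQL's SHA1() returns lowercase hex, the same form PHP's sha1() returns.
// escape() in the original query only quotes the value for the SQL literal,
// so the hash input is the password itself.
function legacy_opencart_hash(string $password, string $salt): string
{
    return sha1($salt . sha1($salt . sha1($password)));
}

// Returns true when the login succeeds. On the first successful legacy
// login the record is upgraded and the SHA1 value and salt are discarded.
function login_and_migrate(array &$user, string $password): bool
{
    if ($user['new_hash'] !== null) {
        // Already migrated: only the new hash is consulted.
        return password_verify($password, $user['new_hash']);
    }
    $candidate = legacy_opencart_hash($password, $user['legacy_salt']);
    // Constant-time comparison of the stored and computed hex digests.
    if (!hash_equals($user['legacy_hash'], $candidate)) {
        return false;
    }
    $user['new_hash']    = password_hash($password, PASSWORD_DEFAULT);
    $user['legacy_hash'] = null;
    $user['legacy_salt'] = null;
    return true;
}

// Constructed sample record, imported with no usable new-format password.
$salt = 'a1b2c3d4e';
$user = [
    'email'       => 'user@example.test',
    'legacy_salt' => $salt,
    'legacy_hash' => legacy_opencart_hash('correct horse', $salt),
    'new_hash'    => null,
];

var_dump(login_and_migrate($user, 'wrong guess'));   // rejected by the legacy check
var_dump(login_and_migrate($user, 'correct horse')); // first valid login upgrades the record
var_dump($user['legacy_hash']);                      // legacy digest no longer stored
var_dump(login_and_migrate($user, 'correct horse')); // later logins use password_verify()
```

Accounts that never log in again keep their SHA1 digests, so the legacy columns need their own retirement plan, such as a forced reset after a cut-off date.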

  • The topic ‘Accept Different Password Format’ is closed to new replies.