By dlbrock7 on

Is there any way to import/rehash md5 encoded passwords into Drupal 7?

Categories: Drupal 7.x

Comments

jsenich’s picture

jsenich commented

Yes. I just ran into this as well. Check out user_update_7000 in user.install. This handles rehashing old passwords when upgrading to Drupal 7. To rehash a md5 password you can do something like:

require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
$old_hash = md5('password');
$hash_count_log2 = 11;

$new_hash = user_hash_password($old_hash, $hash_count_log2);

if ($new_hash) {
  // Indicate an updated password.
  $new_hash  = 'U' . $new_hash;
}
dlbrock7’s picture

dlbrock7 commented

jsenich, Cool. Thanks. I'll give that a try.

hellomobe’s picture

hellomobe commented

Please explain how to implement this code. I couldn't get my D6 to upgrade to D7, so I did a fresh install of D7 and then imported by users manually into the database -- as you can guess, my passwords don't work now. Thanks for helping.

Anonymous’s picture

Anonymous (not verified) commented

See http://drupal.org/node/1175562

S

Anonymous’s picture

Anonymous (not verified) commented

Yes, please can you clarify where to run this script.

Thanks,

Steve

Cami’s picture

Cami commented

Where to run this script? I need to migrate users with double MD5 password encryption (not from previous versions of Drupal). Wordpress has a nice plugin http://wordpress.org/extend/plugins/md5-password-hashes/ you just need to change
$hash == md5($password) )
into
$hash == md5(md5($password)) )
etc. How can you do that in Drupal?

Anonymous’s picture

Anonymous (not verified) commented

See below for how to rehash:

http://stackoverflow.com/questions/6205605/drupal-6-user-password-import...

S

Cami’s picture

Cami commented

I've already tried it. It changed the password in the database, but I could not log in.
I don't know if I'm doing it right - I have the double MD5 password, so I think I need to change to single MD5 first for the rehash to work. Do you know what to change in the code for that?

I'm not a pro, so if I don't see the specific
$hash == md5... etc.
I don't "see" the rehashing ;) and I don't know what to change. I need the instruction for dummies ;)

Anonymous’s picture

Anonymous (not verified) commented

Mmmm, yeah not really sure about non-Drupal to Drupal and certainly not sure about D7.

Maybe there's a module/script out there for WordPress -> D6 but couldn't be any more specific... Could try asking the folks over at Stack Overflow?

S

Cami’s picture

Cami commented

Posted
http://stackoverflow.com/questions/6670903/how-to-import-md5md5-php-fusi...
and... well... I've got the answer on what to change. Now I just need to know how to do that ;)

cl00bie’s picture

cl00bie commented

This has helped me convert my phpwebsite passwords from an old site to the new D7 passwords, and it appears that access is enabled. Thanks so much for posting this.

chhavik’s picture

chhavik commented

Hi,

I am migrating users from d6 to d7 using migrate module. I used the above specified logic or even tried adding $this->destination = new MigrateDestinationUser(array('md5_passwords' => TRUE)); which automatically saves the password with a 'U' appended.
http://drupal.org/node/1349758

But when i try to login using my old password, it says. Sorry, unrecognized username or password. Have you forgotten your password?

Anonymous’s picture

Anonymous (not verified) commented

See my other post you commented on. I've posted a reply.

S