Is there any way to import/rehash md5 encoded passwords into Drupal 7?


jsenich’s picture

Yes. I just ran into this as well. Check out user_update_7000 in user.install. This handles rehashing old passwords when upgrading to Drupal 7. To rehash a md5 password you can do something like:

require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/');
$old_hash = md5('password');
$hash_count_log2 = 11;

$new_hash = user_hash_password($old_hash, $hash_count_log2);

if ($new_hash) {
  // Indicate an updated password.
  $new_hash  = 'U' . $new_hash;

dlbrock7’s picture

jsenich, Cool. Thanks. I'll give that a try.

hellomobe’s picture

Please explain how to implement this code. I couldn't get my D6 to upgrade to D7, so I did a fresh install of D7 and then imported by users manually into the database -- as you can guess, my passwords don't work now. Thanks for helping.

swilsondesign’s picture

swilsondesign’s picture

Yes, please can you clarify where to run this script.



Cami’s picture

Where to run this script? I need to migrate users with double MD5 password encryption (not from previous versions of Drupal). Wordpress has a nice plugin you just need to change
$hash == md5($password) )
$hash == md5(md5($password)) )
etc. How can you do that in Drupal?

swilsondesign’s picture

Cami’s picture

I've already tried it. It changed the password in the database, but I could not log in.
I don't know if I'm doing it right - I have the double MD5 password, so I think I need to change to single MD5 first for the rehash to work. Do you know what to change in the code for that?

I'm not a pro, so if I don't see the specific
$hash == md5... etc.
I don't "see" the rehashing ;) and I don't know what to change. I need the instruction for dummies ;)

swilsondesign’s picture

Mmmm, yeah not really sure about non-Drupal to Drupal and certainly not sure about D7.

Maybe there's a module/script out there for WordPress -> D6 but couldn't be any more specific... Could try asking the folks over at Stack Overflow?


Cami’s picture

and... well... I've got the answer on what to change. Now I just need to know how to do that ;)

cl00bie’s picture

This has helped me convert my phpwebsite passwords from an old site to the new D7 passwords, and it appears that access is enabled. Thanks so much for posting this.

chhavik’s picture


I am migrating users from d6 to d7 using migrate module. I used the above specified logic or even tried adding $this->destination = new MigrateDestinationUser(array('md5_passwords' => TRUE)); which automatically saves the password with a 'U' appended.

But when i try to login using my old password, it says. Sorry, unrecognized username or password. Have you forgotten your password?

swilsondesign’s picture

See my other post you commented on. I've posted a reply.