Is there any way to import/rehash md5 encoded passwords into Drupal 7?

Comments

jsenich’s picture

Yes. I just ran into this as well. Check out user_update_7000 in user.install. This handles rehashing old passwords when upgrading to Drupal 7. To rehash a md5 password you can do something like:

<?php
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
$old_hash = md5('password');
$hash_count_log2 = 11;

$new_hash = user_hash_password($old_hash, $hash_count_log2);

if (
$new_hash) {
 
// Indicate an updated password.
 
$new_hash  = 'U' . $new_hash;
}
?>
dlbrock7’s picture

jsenich, Cool. Thanks. I'll give that a try.

hellomobe’s picture

Please explain how to implement this code. I couldn't get my D6 to upgrade to D7, so I did a fresh install of D7 and then imported by users manually into the database -- as you can guess, my passwords don't work now. Thanks for helping.

swilsondesign’s picture

http://stephenwilsondesign.co.uk

Based in Leeds, United Kingdom, I'm an experienced web and graphic designer. I promote all things open-source (especially Drupal).

swilsondesign’s picture

Yes, please can you clarify where to run this script.

Thanks,

Steve

http://stephenwilsondesign.co.uk

Based in Leeds, United Kingdom, I'm an experienced web and graphic designer. I promote all things open-source (especially Drupal).

Cami’s picture

Where to run this script? I need to migrate users with double MD5 password encryption (not from previous versions of Drupal). Wordpress has a nice plugin http://wordpress.org/extend/plugins/md5-password-hashes/ you just need to change
$hash == md5($password) )
into
$hash == md5(md5($password)) )
etc. How can you do that in Drupal?

swilsondesign’s picture

http://stephenwilsondesign.co.uk

Based in Leeds, United Kingdom, I'm an experienced web and graphic designer. I promote all things open-source (especially Drupal).

Cami’s picture

I've already tried it. It changed the password in the database, but I could not log in.
I don't know if I'm doing it right - I have the double MD5 password, so I think I need to change to single MD5 first for the rehash to work. Do you know what to change in the code for that?

I'm not a pro, so if I don't see the specific
$hash == md5... etc.
I don't "see" the rehashing ;) and I don't know what to change. I need the instruction for dummies ;)

swilsondesign’s picture

Mmmm, yeah not really sure about non-Drupal to Drupal and certainly not sure about D7.

Maybe there's a module/script out there for WordPress -> D6 but couldn't be any more specific... Could try asking the folks over at Stack Overflow?

S

http://stephenwilsondesign.co.uk

Based in Leeds, United Kingdom, I'm an experienced web and graphic designer. I promote all things open-source (especially Drupal).

Cami’s picture

Posted
http://stackoverflow.com/questions/6670903/how-to-import-md5md5-php-fusi...
and... well... I've got the answer on what to change. Now I just need to know how to do that ;)

cl00bie’s picture

This has helped me convert my phpwebsite passwords from an old site to the new D7 passwords, and it appears that access is enabled. Thanks so much for posting this.

The Cigar Diary
http://www.cigardiary.com

chhavik’s picture

Hi,

I am migrating users from d6 to d7 using migrate module. I used the above specified logic or even tried adding $this->destination = new MigrateDestinationUser(array('md5_passwords' => TRUE)); which automatically saves the password with a 'U' appended.
http://drupal.org/node/1349758

But when i try to login using my old password, it says. Sorry, unrecognized username or password. Have you forgotten your password?

swilsondesign’s picture

See my other post you commented on. I've posted a reply.

S

http://stephenwilsondesign.co.uk

Based in Leeds, United Kingdom, I'm an experienced web and graphic designer. I promote all things open-source (especially Drupal).