[support] Migrating old passwords to Drupal

WATSON Michael mick.watson at roslin.ed.ac.uk
Mon Nov 8 12:47:32 UTC 2010 

I believe mysql password() encryption is one way; its impossible to decrypt (I'm not about to brute-force crack my users' passwords)

Sent from my HTC

----- Reply message -----
From: "Steve Power" <steev at initsix.co.uk>
Date: Mon, Nov 8, 2010 12:43
Subject: [support] Migrating old passwords to Drupal
To: "support at drupal.org" <support at drupal.org>

why not export your user data from your old app, import to drupal (decrypt the mysql password, hash with md5) then you dont have to mess about hacking core.



On Mon, Nov 8, 2010 at 10:55 AM, WATSON Michael <mick.watson at roslin.ed.ac.uk<mailto:mick.watson at roslin.ed.ac.uk>> wrote:
Hi

I have an old website/DB that I would like to migrate into Drupal.

At present, it has a user/password setup that encodes the passwords in MySQL using the native MySQL password() function.

Ideally, I’d like to take those users and replace them with Drupal users, in a seamless way and without having to re-set user passwords, such that users can log into the new Drupal website without having to change or re-set their passwords.

Clearly this is difficult as Drupal stores passwords as md5 encoded strings, whereas my passwords are encoded by password().

I notice that the user.module file includes several calls to md5.  If I changed all of these to a function which mimics the MySQL password() function, would that enable me to migrate my users into Drupal, allowing them to log into Drupal with their existing passwords?

If that wouldn’t work, suggestions are welcome!

Thanks
Mick

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

--
[ Drupal support list | http://lists.drupal.org/ ]



--
--
--
Steve Power
Principal Consultant
Mobile: +44 (0) 7747 027 243
Fax: +44 (0)160 421 2871
Skype: steev_initsix
www.initsix.co.uk<http://www.initsix.co.uk> :: Initsix Heavy Engineering Limited
--
This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Initsix Heavy Engineering Limited.
If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone.
Please contact the sender if you believe you have received this email in error.

Initsix Heavy Engineering Limited
Registered in the UK: 5036938
Registered Address: 243 Kettering Road, Northampton, NN2 7DU, England.

-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

More information about the support mailing list