Tuesday, January 24, 2012

My answer to "Change Password Encryption"

This is my answer to a Question on Support site for LampCMS project


OK, so you want to be able to use already encrypted passwords?
Then you can just use the same hashing as was used on SMF.

I mean, you can just use md5(username.password), it will work. It's usually a good idea to add salt to hashing but if you absolutely must be sure that existing users can login without any problems you may keep using the old hashing technique. It's still OK.

md5($string); is the same as hash('md5', $string);
the reason I use the second option is because in older version of php the hash('md5', $string) was faster than md5($string). I think there is no speed difference in the latest version of php, I just use it as a habit.

I am not sure what the data.username does? First of all what is data? This is php you know, it needs at least a dollar sign in front of variable. There is no dot notation in php also.

As for returning blank page, I am not sure why. If you enable debugging and have enabled logging, then you can look in the log file. You can quickly add anything to a log by just using the "d" function, like this:

d("log this line with this $variable");

It will automatically add a file name and line number where you added this line.