cblue#426850 #4063 add a configuration option for password conversion…

… during login if password encryption has changed

main/inc/lib/usermanager.lib.php

@@ -169,7 +169,7 @@ public static function checkPassword($encoded, $raw, $salt, $userId)
         $result = false;
 
         $detectedEncryption = self::detectPasswordEncryption($encoded, $salt);
-        if (self::getPasswordEncryption() != $detectedEncryption) {
+        if (api_get_configuration_value('password_conversion') && self::getPasswordEncryption() != $detectedEncryption) {
             $encoder = new \Chamilo\UserBundle\Security\Encoder($detectedEncryption);
             $result = $encoder->isPasswordValid($encoded, $raw, $salt);
             if ($result) {

main/install/configuration.dist.php

@@ -163,6 +163,8 @@
 $_configuration['security_key'] = '{SECURITY_KEY}';
 // Hash function method
 $_configuration['password_encryption'] = '{ENCRYPT_PASSWORD}';
+// allow to convert passwords after login if password_encryption has changed since last login
+$_configuration['password_conversion'] = false;
 // You may have to restart your web server if you change this
 $_configuration['session_stored_in_db'] = false;
 // Session lifetime