Drupal 7 authentication#25
Conversation
|
Thanks for the request but I don't think that's a good commit. I will loop up at this later, when I find some time. But it's definitely a good change. |
|
Commit made. |
|
@mlojewski-me This code was removed in commit c1cc89f but the comment simply says "'lib' rewritten." Was it intentional to remove this code in that commit? Is there any chance of resurrecting this functionality? |
|
I think 'Portable PHP password' is the same algorithm, but I'm not sure. |
|
@mlojewski-me I reviewed the 'Portable PHP Password' option and found a few changes that needed to be made for it to work with Drupal 7. Drupal 7 uses sha512 instead of md5 and had a couple other changes as noted below: @@ -75,15 +75,15 @@
return null;
}
- $hash = md5($salt . $password, true);
+ $hash = hash('sha512', $salt . $password, true);
do {
- $hash = md5($hash . $password, true);
+ $hash = hash('sha512', $hash . $password, true);
} while (--$count);
$output = substr($setting, 0, 12);
- $output .= $this->encode64($hash, 16);
+ $output .= $this->encode64($hash, strlen($hash));
- return $output;
+ return substr($output, 0, 55);
} How would you recommend bringing these changes back in? I assume other apps use Phpass as it is now. Would it be better to bring in a dedicated Drupal 7 option again, or add an option to Portal PHP password? |
|
I'd prefer the dedicated Drupal 7 option. |
|
I've worked up my changes as a separate file for a dedicated Drupal 7 option, which extends Phpass in order to be as unobtrusive as possible. Alternatively, we could update Phpass to take optional arguments, but I see that you have open issue #46 which sounds like it's along those same lines and I'd prefer to not get in your way for that. |
|
I think issue #46 is going to take a long time to finish, so in my mind the best option is to make PR with dedicated class for Drupal 7, which extends Phpass. |
|
Thanks for the feedback. There's a new PR for your review now. |
|
Moved to #66 |
4 participants
No description provided.