I am trying to upgrade my app to Kohana 3.2 but I'm having trouble because all my users are in the database with passwords encrypted by Auth from Kohana 3.0. It looks like 3.2 does it differently. Can I configure 3.2 to use the same encryption?
Asked
Active
Viewed 308 times
1 Answers
2
There is no simple way for this. Kohana 3.2 uses hash_hmac() instead of hash+salt. Also there a changes in login workflow (for example, Model_User in 3.2 doesnt contain any login logic). You will need to copy a lot of code from 3.0 to 3.2, I dont think its a good idea.
What about sending emails with a password recovery link? Old password will be broken, but user can simply redefine password. And dont forget to logout all "remembered" users (somewhere in your basic controller, before() method is perfect place for it).
PS. Sorry for my english, Its not my native language.
biakaveron
- 5,493
- 1
- 16
- 20
-
Your english is perfectly fine, no need to apologize ;) – matino May 28 '12 at 14:30
-
Absolutely, perfectly understood. I have decided to backtrack it to kohana 3.0 again. Can't afford the disruption. Huge shame there is no was to work with 3.0 passwords in 3.2. Nevermind. Thank you though. – Rich Standbrook May 28 '12 at 15:22
-
@koorb, the Auth module in Kohana 3.2 lets you define the hash method (see config/config.php). In that case, couldn't you change this hash method to whatever was used in Kohana 3.0? – laurent May 31 '12 at 07:29
-
I have tried, I just can't get it to encode the same as the ones I have stored in the database. – Rich Standbrook Jun 15 '12 at 10:01