Change authentication logic?

Permalink February 13, 2013 at 2:50 PM

I'm migrating a site from Joomla 1.5 to C5 and have hit a wall with transferring users. There's thousands and we don't want to make them all reset their passwords (we'd lose a bunch). And of course we can't unhash their Joomla passwords.

I think---although I'd love (love!) to be wrong---that leaves us with changing how C5 builds and authenticates passwords so that it works with the passwords we have.

At least both C5 and Joomla use an MD5 hash. But we'd need to take C5's method of "we take your thing, we add our string, and then we hash the whole mess" to a Jom-like "we take your thing, we add a random string, we hash that mess, then we tack the string on its rear."

I know this'll be complicated...probably over my head, but I gotta try. And I'd be mighty grateful to anyone who could provide any tips on how I might go about it. Even pointers to what files I should be looking at would help.

Pitifully and gratefully,
Daisy

goutnet replied on Feb 13, 2013 at 5:17 pm Permalink Reply

What you want (have) to do is to override the user model, located in concrete/models/user.php by placing your own user.php in your models directory.

The current model (in concrete5) have this in :

<?php  defined('C5_EXECUTE') or die("Access Denied.");
class User extends Concrete5_Model_User {}

You will need to make it something like this :

class User extends Concrete5_Model_User {
  public function encryptPassword( $uPassword, $salt = PASSWORD_SALT )
  {
     // Implement the Joomla way of doing things here
  }
}

the original code is in concrete/core/helpers/user.php

Although you probably want to do that *before* installing c5, since the admin password will get lost in the process (well, you can still rehash it with the joomla method to make it readable again).