Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Forum Module /

Discuss the Forum Module.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Change password algorithm?

Go to End

11 Posts   7280 Views


Community Member, 244 Posts

10 July 2011 at 9:01pm

Hi there. I've got exactly the same problem - 2000 users from an old site, and a new 'silverstriped' version ready to go - i just can't get the users transferred...

did anyone get any documentation written up on this one?


Community Member, 88 Posts

10 July 2011 at 9:46pm

I solved it the following way:

1) Create Encryptor class like e.g.

class ForumPasswordEncryptor extends PasswordEncryptor{
	public function encrypt($password, $salt = null, $member = null){
		return md5(md5($password).$salt);
	public function salt($password, $member = null){
		return '';

2) Register you class with a unique string in your config.php

PasswordEncryptor::register('md5_forum', 'ForumPasswordEncryptor');

3) Now it's tricky
I would expect to tell a Member (or Security or Group) to use my newly created encryptor for encryption somehow like this:

$salt = 'Put your salt in here';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('PasswordEncryption', 'md5_forum');

However, this did not work. The passwords in database were different from my test results, so I used instead the following code:

// Example 1
$salt = 'Put your salt in here.';
$m = new Member();
$m->setField('Email', $user['Email']);
$m->setField('Password', md5($user['Password'].$salt));
$m->setField('PasswordEncryption', 'none');

This way the password string provided by setField('Password', md5...) was saved exactly the same into database. After this I changed the column holding the encription string in database manually to 'md5_forum' and now I could login into silverstripe with my old password from the other (old) forum.

This have been the steps I remember...hope I didn't forget anything important. Would be nice to hear about your solution. I'd like to know why it didn't work with setting password encryption algorith to 'md5_forum' in my code.


Community Member, 52 Posts

15 November 2014 at 12:37pm

PasswordEncryptor::register is deprecated, and you must use the YML config system for SS 3.1+

Thought I would update this thread for those wanting salt-less passwords -- an evil necessity for seamlessly migrating systems...

Behold -- SodiumFreePasswordEncryptor

 * Sodium Free Password Encryptor -- for importing legacy passwords,
 * register via mysite/_config/encryptors.yml, e.g.

      SodiumFreePasswordEncryptor: md5
      SodiumFreePasswordEncryptor: sha1

 * example usage

$member = new Member();

$member->Email = '';
$member->Password = 'brice';
$member->PasswordEncryption = 'sf_md5';


class SodiumFreePasswordEncryptor extends PasswordEncryptor_PHPHash {

    public function salt($password, $member = null){
        return '';

GIST here:

Go to Top