Posted 14 March 2011 - 06:22 AM
My problem is users password field. In my db passwords are already crypted. When i create a new pw user like '$user->pass = "password"' pw automatically create the md5 version. Is there a way to skip this process and save the password as i have in my db?
Posted 14 March 2011 - 09:38 AM
For the users, you'll have to do this at the DB level rather than with the API. That's because ProcessWire randomizes the salt for that user every time you change the password. With the $config->userAuthSalt, you can just edit your site/config.php file to change that. Let me know if you need any help with either part.
The point of all this is better security. But you can disable all of the salting if it suits your needs better by setting $config->userAuthHashType to null (which will force it to do nothing but md5 hash). You would need to do this before installation, or use the API to reset the passwords of an existing site, as any passwords already in the users table would already be salted and thus non-functional until changed.
Posted 14 March 2011 - 10:50 AM
The existing user system was not designed to be scalable, as it was always seen as a temporary solution. Granted a temporary solution that suits the needs for most of the sites I work on. But it's not ideal if you have to deal with more than a couple dozen accounts.
Sevarf2 - how many accounts are you dealing with now?
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users