Question Password Migration

Hi,

I have a large and active site that I'm bringing over to Kunena. The biggest challenge (apart from the sheer weight of the data) is that the legacy forum stores passwords in one-way SHA256 encryption, so I have no way of converting that over to Kunena format.

However, I have an idea. If I bring the password over to a new field in its existing SHA256 code to sit alongside the Kunena data, I can then intercept the login of the site / forum, and do the following:

- Is legacy-password field populated? Yes/No
- If No, perform standard site login
- If Yes, encrypt the given password using SHA256, and compare it against the legacy-password field
- If no match, abandon login as fail
- If a match, encode the given password into Kunena encrypted format and write that into the Kunena password field. Delete the contents of the legacy-password field so it won't be checked on future logins.

So, the question is (having never written a Joomla / Kunena extension before), can anyone point me at a core bit of code that handles the login site-wide? Do Kunena and Joomla both have their own login routines which need to be modified?

I suspect, since many other forums (fora?) use their own password encryption method, a plugin such as this may be useful in a more generic way.

Kunena itself has nothing to do with authentication, this part is handled by Joomla. So you would need to write Joomla plugin to handle that information. You can also use your own table in the database to save external passwords.

Ok if i understood

The legacy forum have an assimetrycal password encryption of SHA256

You need to convert it to Joomla, MD5:salt

You can modify the authentication Joomla file for modify the way the users log in, how? with insertion of code that capture the password when users log-in, make new encryption by apply the joomla encryption and store it on the table

Yes, that sounds pretty much like it.

Another option that comes to mind, as this is a completely fresh install, is to replace the MD5:salt encryption with SHA256, then doing away with the need to convert a users password on login.

or just write a joomla 1.5 authentication plugin (or a cb 1.2 authentication plugin).

See LDAP or google ones in joomla 1.5.

Those auto-create the user in joomla, based on external refs.

Thanks Beat,

That's exactly what I did, and it works a treat.

Didn't realise how easy Joomla makes it to modify / augment the code.