04-17-2017, 09:24 PM
I'm understanding this deploy, but I think your best option (obviously your choice to do this or not) is to create a notice indicating "If you've never logged in before" or whatever, go here, when they do, type in email, username, etc your choice and then on that custom page, have a box to enter their password, on post md5 and check it against the drop you have in the DB, and then if it validates the md5 hash, ask them to change their password, or keep it the same, (reenter it) and it will bcrypt it.
Hopefully that makes sense, I am strongly with mudmin on the security risk of doing this though. You would definitely be in your best interest to get your users passwords changed asap to work with the systems normal functionality.
The problem with modifying the core files of UserSpice is updates. I have to manually publish each update to my system and code edit every file (for the most part) because I made changes I shouldn't have and I'm too lazy to move them elsewhere like I should have.
Best of luck with your project!
Hopefully that makes sense, I am strongly with mudmin on the security risk of doing this though. You would definitely be in your best interest to get your users passwords changed asap to work with the systems normal functionality.
The problem with modifying the core files of UserSpice is updates. I have to manually publish each update to my system and code edit every file (for the most part) because I made changes I shouldn't have and I'm too lazy to move them elsewhere like I should have.
Best of luck with your project!