[bbDev] phpass implementation

[Chris Hajer]

> I'm about to commit a first (and hopefully last) attempt at
> incorporating the phpass hashing algorithm into bbPress trunk.
>
> Similar to the WordPress implementation, when a user with an md5
> password logs into the site, their password will be updated to phpass.
> So if you want to try it out (and I hope you do) you may want to
> backup your user table first, otherwise if you want to roll back to
> md5 hashes, you will have to reset all passwords.
>
> The bbPress ticket is here http://trac.bbpress.org/ticket/760
>
> The WordPress ticket is here http://trac.wordpress.org/ticket/2394
>
> Sam

Hi Sam,

I checked out r973 on a test install of mine.   The installation is
not integrated.  I had two existing users.  I could not login in with
the old password.  I requested a password reset and a confirmation was
sent, I clicked through, and was emailed a new password (which
happened to be all digits 0 .. 9) and was able to log in fine with
that password.  In my bb_users table, the password looks like this
now:
$P$B2rSwrPooTZ4rm.NHjddGHDomVB/ea1 ( I changed one character before
emailing it )


I also registered a new user, and the password for that user appears
to be in the new format as well:
$P$BwtWpqKD70llGjH6z/ZdZSqsFcybIS/ ( one character altered before sending )

The password for my original user where I cannot log in looks like this:
0f359740cd1cda994f8b55330c86d845 ( again, one character altered )

I verified that that's the hash for the password for that account
(logged into another install where I have an account with the same
password, then checked the bb_users table to verifiy that the hash is
the same) so, I am typing the proper password, but it's not updating
to the new phpass.

New user registration and password reset both seem to be working fine.
 If you have another test I can perform to be sure, please let me
know.

Chris Hajer