Symfony sfDoctrineGuard Password Encryption

1
votes

I have a Symfony 1.4 app using sfDoctrineGuardPlugin for users.

I need to move these users to a new system. After going through the documentation and code, I'm having trouble understanding how Symfony stores/checks passwords.

I want my new system (CakePHP) to store and check passwords the same way the old one does, so that nobody has to change their password.

How would I go about this? Can someone post a simple example?

1
phpsymfony1passwordssfguardsfdoctrineguard
The core of the checking is in PluginsfGuardUser.class.php; you may find the odd helpful detail in this old question of mine, which is about migrating to Symfony. The approach I took was to use a standard plugin in the new system, but to add custom code to migrate user passwords from the old system at login -- might be worth bearing in mind as an approach. If you migrate at login, you have access to the unencrypted password, which is useful.Matt Gibson

1 Answers

3
votes

I think you just have to dig into the code, when sfGuard generate the password (setPassword) and when sfGuard check the password (checkPasswordByGuard).

They use an algorithm (by default sha1) to store the password which is salted.