Change encryption algorithm for Lizmap user DB (PostgreSQL)

Hi all!
I need to change the encryption algorithm for Lizmap user passwords from sha1 to sha256. I tried to follow what is indicated in this comment (change the value of password_crypt_function in the Db section of the files lizmap/var/config/index/auth.coord.ini.php and lizmap/var/config/admin/auth.coord.ini.php), but it does not work; Lizmap seems to ignore the changes. Are there other configurations to change?

Thanks in advance!
Roberta

Can you try to change the value also in the lizmap/app/system/admin/auth.coord.ini.php file?

Yes, I have already modified the lizmap/app/system/admin/auth.coord.ini.php file, but I got this error:

Call to undefined function sha256()	/home/procedure/mappenew2/lizmap/vendor/jelix/jelix/lib/jelix/auth/jAuthDriverBase.class.php	57

Hi,

First: don't modify any files in lizmap/app/system/. Modifications will be overwritten by the next update. Put your parameters in lizmap/var/config/localconfig.ini.php. For parameters that are initially in auth.coord.ini.php, put this in localconfig.ini.php:

[auth_Db]
password_crypt_function=sha256

Second, there is no sha256() function in PHP; this is why it does not work. You should create one, in lizmap/application.init.php for example (you will have to rewrite the function when you update Lizmap and overwrite this file).

But: what are you trying to do exactly? Why change?

Is it because you import user data into the database with sha256 values? If yes, you should create this PHP function.

Is it because you already have users in the database using sha1 and you want to enforce hashing? Well, you must not change password_crypt_function: first, because users could not authenticate anymore (Lizmap will try to compare a sha256 hash with the stored sha1 hash…), and second, the default algorithm used by PHP is better than sha256, so you should use it.

In this case, and in any other case than the first one, keep password_hash_method = 1 in auth.coord.ini.php, and the hash will be automatically updated in the database when the user authenticates.

@laurentj thank you for the very clear explanation and suggestions. What I would like to do is import a series of users from another database whose passwords are encrypted using the SHA-256 method. So I have to create the PHP function.

It seems SHA-256 is no longer a good choice for password encryption… Another solution would be (if you manage the application accessing the other database) to modify the other application to store the password hashed with a recommended algorithm (compatible with Lizmap) when the user logs in, in a new column (which will be used for the password import into Lizmap).
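
The approach suggested in the last reply, as an added example that is not part of the thread or of Lizmap's code: the other application re-hashes each password with PHP's default algorithm at login and stores it in a new column for later import. The column names, the sample user and the assumption that the legacy values are unsalted hex SHA-256 digests are hypothetical; the sha256() wrapper is the kind of function the earlier reply says has to be created.

```php
<?php
// Added example, not Lizmap/Jelix code. All names below are hypothetical.

// Wrapper of the kind the thread says is missing: the error shown on the page
// comes from the configured password_crypt_function value being called as a
// PHP function that does not exist.
if (!function_exists('sha256')) {
    function sha256(string $password): string
    {
        return hash('sha256', $password); // lowercase hex, unsalted (assumption)
    }
}

// Constructed sample row standing in for the other application's user table.
$users = [
    'roberta' => [
        'password_sha256' => hash('sha256', 'correct horse'), // legacy column
        'password_new'    => null,                            // new column
    ],
];

// Login check for the other application: verify against whichever hash
// exists, and fill the new column on the first successful login.
function login(array &$users, string $login, string $password): bool
{
    if (!isset($users[$login])) {
        return false;
    }
    $row = &$users[$login];

    if ($row['password_new'] !== null) {
        return password_verify($password, $row['password_new']);
    }
    // Constant-time comparison against the legacy digest.
    if (!hash_equals($row['password_sha256'], sha256($password))) {
        return false;
    }
    // The plaintext is only available at login, so the re-hash happens here.
    $row['password_new'] = password_hash($password, PASSWORD_DEFAULT);
    return true;
}

var_dump(login($users, 'roberta', 'wrong'));
var_dump(login($users, 'roberta', 'correct horse'));
var_dump(password_verify('correct horse', $users['roberta']['password_new']));
```

Users who never log in before the import keep only the legacy digest, so the new column stays empty for them and they would need a password reset or the sha256() route on the Lizmap side.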