Hello..
First of all, thanks for changing the password cryptogrgraphy scheme for the upcoming Moodle 2.5. It is helping me a little with peace of mind given all the recent server hacks and stolen user databases out there lately.
I have integrated Wordpress, Moodle, and Mahara into one site under a common login. All authentication is done through Moodle. Mahara nad Moodle are connected with moodle networking, so I don't anticipate any major issues there with the hash changes and per-user salt.
However, my WP install authenticates against the Moodle user database using a WP External DB Auth plugin.
I currently am using the "other" hash authentication setting and have set it like this:
$password2 =md5( $password.'[myMoodleHash]');
This obviously will not work anymore. Any tips on how to set this up with the new hash/salt mechanism? I am trying to follow https://tracker.moodle.org/browse/MDL-35332, but I don't think I gleaned enough detail to be sure. If I new where to look in the Moodle source, that would help.
I assume I need to use
$password2 =bcrypt( $password.'[perUserSalt]');
But this field is PHP code and there is no place in the plugin to grab the perUserHash from the table. Assuming I can modify the plugin to fetch the perUserSalt, is that all that is done, or is there any nested hashing going on here?
