As I'm in the process of cleaning-up and organizing my web installations, dev environment (WAMP), etc., I enabled a Moodle 2.5 installation, but I missed shutting off the Apache/2.2.20 + PHP/5.3.5 and turning on the one I had previously used with it: Apache/2.4.6 + PHP/5.4.17, as a result, when I tried to log in I got an "Invalid login, please try again" error message.
At first I assumed I had forgotten the password, so I created a new hash and saved it in the user table. Same result: invalid login.
Once I realized that I was using an old PHP version, I enabled a PHP 5.3.27 installation and then I was able to log in. After all this, I went and checked around a bit.
According to the download page, for Moodle 2.5 the minimum PHP version is 5.3.3, however, M 2.5 uses a new password hashing algorithm, which relies in the new prefixes ($2x$ or $2y$) introduced in PHP 5.3.7 to fix security weaknesses in the Blowfish implementation (PHP versions lower than 5.3.7 only support the $2a$ salt prefix); see: MDL-35332, improve security of hashed passwords.
I did some tests before posting here:
* With the $2y$10$ hash I had generated, I received the "Invalid login" message.
* When I used, either a $2a$10$, a $2a$08$ or an MD5 hash, I got the following message:
error/Failed to generate password hash. More information about this error.
I also got a Fail at the Test for functionality of compat library.
So, shouldn't PHP 5.3.7 be the minimum version for Moodle 2.5 and greater?