|Extension Name||Secure Passwords||Rating|
|Date Added||12 June 2012||Request Support|
|Date Modified||24 September 2012||Report extension|
Donate to support us
If you like this extension or use it, consider donating to keep me making great extensions!
PayPal Donation: http://goo.gl/6Twv4
OpenCart has a security flaw in the database. It uses MD5 hashes for its password management. MD5s and even SHAs are considered insecure by today's standards.
This extension uses bcrypt which uses the blowfish keyring. This will protect your user and customers passwords a lot better than MD5 or SHA.
This will allow backwards compatibility and does not affect user data until the next time an account is created or a user/customer logs in.
Fixed - SQL query file.
Update - Customers passwords are now secured with bcrypt.
9/3/2012 Update - Release 1.5.4x version. Database and code was changed a lot.
You can get support on this extension page or at the form here: http://forum.opencart.com/viewtopic.php?f=22&t=83232
|Secure Passwords v1.10||v1.5.0, v188.8.131.52, v184.108.40.206, v220.127.116.11, v18.104.22.168, v22.214.171.124, v1.5.1, v126.96.36.199, v188.8.131.52, v184.108.40.206, v1.5.2, v220.127.116.11, v1.5.3, v18.104.22.168||[ Download ]|
|Secure Passwords v1.20.154||v22.214.171.124||[ Download ]|
Follow the instructions in the readme file. VQmod is required.
Please rate and post comments! Thanks!
SECURE PASSWORD - Instructions
This extension changes the default MD5 password hash to a bcrypt password
hash. It will allow current users to still login with the same password and
will update a field in the database with the new hash.
Author: CGSmith.net, LLC
All steps are required. As always, backup your DATABASE and OPENCART files!!!
1. Lengthen the 'password' fields in the database under 'customer' and 'user' to
256 charactors. See example SQL file.
2. Place the 'system' folder in OpenCart via FTP. No files are overwritten.
3. Place the 'vqmod' folder in OpenCart via FTP. No files are overwritten.
4. Login and create a user to make sure everything works.
5. Check the database for the new password hashes and delete the 'password' field
from the database when it is safe to do so.