Migrating password with custom hash algorithm

by Pravin Ajaaz   Last Updated January 19, 2018 15:07 PM

I am trying to migrate data from a custom database which uses a different method to HASH the password.

password = md5(email + password + salt)

During the process of migration I face two issues.

I ) To differentiate the new register Drupal passwords from Old site passwords. I tried adding "OLD$" code to the old password using

  public function prepareRow(Row $row) {

    if ($value = $row->getSourceProperty('password')) {
      $row->setSourceProperty('password', 'OLD$' . $value);

    return parent::prepareRow($row);

But this doesn't seem to work.

II ) To check the passwords with old hash, I read in a blog post that new service needs to be created by extending PhpassHashedPassword

public function check ($password, $hash) {

    if (substr($hash, 0, 2) == 'U$') {

      $stored_hash = substr($hash, 1);
      // Here you use the same algorithm the old site has to hash passwords
      // and store it on $password.

      if (substr($stored_hash, 0, 3) == '$P$') {
        // A phpass password generated using md5. This is a password migrated with
        // md5_passwords = TRUE
        $computed_hash = $this->crypt('md5', $password, $stored_hash);
        return $computed_hash && Crypt::hashEquals($stored_hash, $computed_hash);

In my algorithm, password = md5(email + password + salt) the salt and email ID are needed. How can I get the values in check function

Tags : 8 migration

Related Questions

Migrate Dimensions

Updated April 23, 2015 00:03 AM

Migrate class not registering properly

Updated July 26, 2015 13:03 PM

Display inline images imported from phpBB

Updated April 08, 2015 18:03 PM