Handling user passwords when importing from another forum software?

Continuing the discussion from phpbb3 import script - users cannot login - password error:

Curious on this.

How hard is it to add a function that checks the password using the hashing scheme of the old forum and then re-encrypts using the new Discourse scheme?

For example, for a user-entered password, first try bcrypt (assuming Discourse uses this), then if that fails try MD5 (assuming phpbb uses that), and if that fails return an error. If MD5 returns successful, then re-encrypt the password using bcrypt and overwrite the old md5 hash.

Could this be implemented at the Postgres level without even needing to add anything to the Rails app?

I know Xenforo handles this in their imports automatically and it’s a very handy thing to have for an older forum where many users aren’t using valid email addresses. I’ve been amazed how many times people give up in frustration when their old password isn’t working and just create a new account. Makes me think there’s a good number who just give up and never re-register.

I think the importers that @michaeld wrote have this feature. We do not do it in ours.

We have a plugin that does exactly what @jeffwidman suggests.

It’s not that hard to add in an importer.

You only need to do two things to accomplish this:

• Make sure the importer stores the password hash in a custom user field called import_pass,
• Install https://github.com/communiteq/discourse-migratepassword plugin

I just wrote an importer for mylittleforum (not yet, but soon to be, submitted as a PR) and included an import_pass field as recommended here. I’d totally forgotten about it when my client (who’s using https://www.communiteq.com/) claimed that his old passwords worked! I thought he was crazy at first.

Thanks, @michaeld!