Changes between Version 1 and Version 2 of Ticket #21022, comment 79
Timestamp: 09/27/2016 06:36:37 PM (8 years ago)
Ticket #21022, comment 79
v1   v2
 4    4   2. if PHP version >= 5.3.7, use the PHP password_hash()/password_verify() functions (for lower versions of PHP, keep using PasswordHash class from phpass)
 5    5   3. when a user logs in, if the site is using bcrypt and their password is hashed using portable hashes, update their hash to a bcrypt hash
 6        4. when a user logs in, if the site is *not* using bcrypt and their password is hashed using bcrypt (i.e. when PHP is downgraded), automatically send a password reset and show a message saying "Sorry, something has gone wrong and you must reset your password. A link has been sent to the email address you registered with. <a href="https://codex.wordpress.org/Foobar">More information</a>."
      6   4. when a user logs in, if the site is *not* using bcrypt and their password is hashed using bcrypt (i.e. when PHP is downgraded), show a message saying "Sorry, something has gone wrong and you must reset your password. <a href="https://codex.wordpress.org/Foobar">More information</a>."
 7    7
 8    8   Does this look correct? Have I missed anything? If somebody produced a patch containing the above changes, could we get it committed?
      9
     10   Edit: Removed comment about automatically sending a password reset because the code that sends a password reset lives in wp-login.php so it's not easily accessible from other places.
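
The login-time decision in steps 3 and 4 of the comment above, as an added PHP example that is not part of the ticket or of WordPress. `hash_kind()`, `check_login()`, the `LOGIN_*` constants and both callbacks are hypothetical names; it assumes PHP 7.1 or later, and the portable-hash check in the demo is a constructed stand-in for phpass's `PasswordHash::CheckPassword()`.

```php
<?php
// Added example; not WordPress code. All names below are hypothetical.
const LOGIN_OK = 'ok';
const LOGIN_BAD_PASSWORD = 'bad_password';
const LOGIN_MUST_RESET = 'must_reset';   // caller shows the "reset your password" message

// Classify a stored hash by its prefix: bcrypt ($2a$/$2x$/$2y$) or phpass portable ($P$).
function hash_kind(string $hash): string {
    if (preg_match('/^\$2[axy]\$\d{2}\$/', $hash)) return 'bcrypt';
    if (strncmp($hash, '$P$', 3) === 0) return 'portable';
    return 'unknown';
}

// $portableCheck: function(string $password, string $hash): bool (phpass on a real site).
// $store: function(string $newHash): void, persists the upgraded hash for this user.
// $siteUsesBcrypt: step 2's outcome, e.g. whether password_hash() is available.
function check_login(string $password, string $stored, bool $siteUsesBcrypt,
                     callable $portableCheck, callable $store): string {
    switch (hash_kind($stored)) {
        case 'bcrypt':
            // Step 4: bcrypt hash on a site that cannot use bcrypt (PHP downgraded).
            // The hash cannot be verified here, so never fall through to "ok".
            if (!$siteUsesBcrypt) return LOGIN_MUST_RESET;
            return password_verify($password, $stored) ? LOGIN_OK : LOGIN_BAD_PASSWORD;
        case 'portable':
            if (!$portableCheck($password, $stored)) return LOGIN_BAD_PASSWORD;
            // Step 3: upgrade only after the old hash verified, while the
            // plaintext is still available for this request.
            if ($siteUsesBcrypt) $store(password_hash($password, PASSWORD_BCRYPT));
            return LOGIN_OK;
        default:
            return LOGIN_BAD_PASSWORD;   // unknown format: fail closed
    }
}

// --- Demo with constructed data ---
// Stand-in for phpass so the demo runs without the library; NOT the real portable algorithm.
$toyPortable = function (string $p, string $h): bool { return hash_equals($h, '$P$' . md5($p)); };
$saved = null;
$store = function (string $new) use (&$saved): void { $saved = $new; };
$old = '$P$' . md5('hunter2');   // constructed "portable" hash

echo check_login('wrong', $old, true, $toyPortable, $store), "\n";      // wrong password, no upgrade
echo check_login('hunter2', $old, true, $toyPortable, $store), "\n";    // verifies, then upgrades
echo hash_kind($saved), "\n";                                            // kind of the stored upgrade
echo check_login('hunter2', $saved, false, $toyPortable, $store), "\n"; // simulated PHP downgrade
```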