Hello all, I am hoping someone who has gotten Vufind and Koha working together can help me with this. I recently installed Vufind 2.3.1 and Koha 3.18.3 on Debian 7. I have configured Vufind and successfully imported the records from Koha into Vufind. However, I can't get Vufind to use Koha to authenticate patrons. I can see the status of Koha items update in Vufind searches, so I know Vufind can connect to the Koha database. The problem seems to be the password encryption used in the Koha ILS driver and the encryption used for passwords in the current Koha version. The Vufind Koha driver still uses MD5 while I have been informed that current Koha uses BCRYPT. Can anyone provide me with the Koha driver for Vufind or point me towards how I can update the driver to successfully authenticate with current Koha version? Thanks for your help. -- Olugbenga Adara
Hi, On Thu, Mar 5, 2015 at 10:07 AM, Olugbenga Adara <gbengaadara@gmail.com> wrote:
The problem seems to be the password encryption used in the Koha ILS driver and the encryption used for passwords in the current Koha version. The Vufind Koha driver still uses MD5 while I have been informed that current Koha uses BCRYPT.
That's correct, modern Koha uses bcrypt.
Can anyone provide me with the Koha driver for Vufind or point me towards how I can update the driver to successfully authenticate with current Koha version?
I've made a patch to Vufind's Koha driver that allows it to recognize both MD5 and bcrypt password hashes. https://github.com/gmcharlt/vufind/commit/bbb6e89717627412bb516b0ea84160f55b... Please note that this patch is not tested at all, but hopefully it should at least give you the idea. If you try it, I would appreciate feedback on whether it works. Regards, Galen -- Galen Charlton Infrastructure and Added Services Manager Equinox Software, Inc. / The Open Source Experts email: gmc@esilibrary.com direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org
Greetings, The Koha did not write the driver. This is a VuFind issue. I took a quick look by: $ git clone https://github.com/vufind-org/vufind.git $ vi ~/vufind/module/VuFind/src/VuFind/ILS/Driver/Koha.php -- And around line 484: // Koha uses MD5_BASE64 encoding to save borrowers' passwords, function // 'rtrim' is used to discard trailing '=' signs, suitable for pushing // into MySQL database $db_pwd = rtrim(base64_encode(pack('H*', md5($password))), '='); Correct that code on the VuFind repository and happiness should be restored. Sorry, but how to correct these lines is left as an exercise for someone who knows: - how to provide patches to VuFind - Koha, and - PHP. Sorry, but I don't know the first. In summary, this is a VuFind issue, not a Koha issue. GPML, Mark Tompsett P.S. I have an untested attempt at a re-write of the problematic function.
participants (3)
-
Galen Charlton -
Mark Tompsett -
Olugbenga Adara