you may create an extended user-class.
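This class uses the old password hashing for imported users as long as the password hasn't been changed.
As soon as the user gets a new password, the default MODX hashing is used. Until then the account is protected only by the legacy MD5 hash, so plan for imported users to change their password early.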
<?php
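/**
 * Extended MODX user that still accepts password hashes imported from an older system.
 *
 * A stored hash is first compared against the legacy MD5 scheme and, if that
 * fails, against the hash produced by the user's configured MODX hash class.
 * Passwords written through set() are always hashed with the MODX hash class.
 */
class pmUser extends modUser {
    /**
     * Builds the user object and sets its class_key field to 'pmUser'.
     *
     * @param xPDO $xpdo A reference to the xPDO/modX instance.
     */
    public function __construct(xPDO & $xpdo) {
        parent::__construct($xpdo);
        $this->set('class_key', 'pmUser');
    }

    /**
     * Determines if the provided password matches the hashed password stored for the user.
     *
     * @param string $password The password to determine if it matches.
     * @param array $options Optional settings for the hashing process.
     * @return boolean True if the provided password matches the stored password for the user.
     */
    public function passwordMatches($password, array $options = array()) {
        $storedHash = (string) $this->get('password');
        // An account without a stored hash must never authenticate, whatever the hasher returns.
        if ($storedHash === '') {
            return false;
        }

        // Legacy scheme from the imported system. The salt literal below is a placeholder:
        // the original code from the old system was deleted before publication.
        // NOTE(review): unsalted-per-user MD5 is cheap to brute-force if the user table leaks.
        // Consider re-hashing with the MODX hash class after a successful legacy match, or
        // forcing a password reset for imported accounts, so these hashes do not linger.
        $legacyHash = md5(addslashes($password) . "xxxxxxxxxxxxxxxx");
        // The previous version copied both hashes into $_SESSION['hashings'] (debug residue);
        // that exposed credential hashes to anything able to read session data, so it is gone.
        if ($this->pmHashesEqual($storedHash, $legacyHash)) {
            return true;
        }

        if ($this->xpdo->getService('hashing', 'hashing.modHashing')) {
            $options = array_merge(array('salt' => $this->get('salt')), $options);
            $currentHash = $this->xpdo->hashing->getHash('', $this->get('hash_class'))->hash($password, $options);
            // Only a real, non-empty hash string is allowed to match.
            if (is_string($currentHash) && $currentHash !== '') {
                return $this->pmHashesEqual($storedHash, $currentHash);
            }
        }
        return false;
    }

    /**
     * The modUser password field is hashed automatically, and prevent sudo from being set via mass-assignment
     *
     * {@inheritdoc}
     */
    public function set($k, $v = null, $vType = '', $checkhash = true) {
        if (!$this->getOption(xPDO::OPT_SETUP)) {
            // Outside of setup the sudo flag cannot be assigned through set().
            if ($k === 'sudo') {
                return false;
            }
        }
        // Strict in_array(): a non-string key such as 0 must not be treated as a password field.
        if ($checkhash && in_array($k, array('password', 'cachepwd'), true) && $this->xpdo->getService('hashing', 'hashing.modHashing')) {
            if (!$this->get('salt')) {
                // Prefer the CSPRNG when the runtime has it; both forms yield 32 hex characters.
                $salt = function_exists('random_bytes')
                    ? bin2hex(random_bytes(16))
                    : md5(uniqid(rand(), true));
                $this->set('salt', $salt);
            }
            $vOptions = array('salt' => $this->get('salt'));
            $v = $this->xpdo->hashing->getHash('', $this->get('hash_class'))->hash($v, $vOptions);
        }
        // Calls modPrincipal::set() directly instead of parent::set();
        // presumably so modUser::set() does not hash the value a second time - confirm.
        return modPrincipal::set($k, $v, $vType);
    }

    /**
     * Compares two hash strings without stopping at the first differing byte.
     *
     * @param string $known The hash stored for the user.
     * @param string $candidate The hash computed from the supplied password.
     * @return boolean True if both strings are identical.
     */
    private function pmHashesEqual($known, $candidate) {
        if (function_exists('hash_equals')) {
            return hash_equals($known, $candidate);
        }
        // Fallback for runtimes without hash_equals(): fold every byte difference into one value.
        $length = strlen($known);
        if ($length !== strlen($candidate)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($known[$i]) ^ ord($candidate[$i]);
        }
        return $diff === 0;
    }
}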