this requires the user_password field in the vtiger_portalinfo table to be expanded to at least 70 characters, I set mine to 255 to accomodate the hashed password. There is a minor additional change required to the customer portal to work with this, line 50 changes from
if(strtolower(
result[0][′username′])==strtolower(
username) && strtolower(
result[0][′userpassword′])==strtolower(
password))
to
if(strtolower(
result[0][′username′])==strtolower(
username))
In a migration script as well as expanding the user_password field it should generate a salted hash for the existing passwords. to do that you would do something along the lines of:
for each $password in vtiger_portalinfo.user_pass { $salt='$2y$11$'.str_replace("+",".",substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22)); $password = crypt($password,$salt); then save it back into vtiger_portalinfo}
