I shut down the login system in WPSDAA web site on Wednesday, January 19th to avoid the growing problems from users unable to log in. I have been thinking for two days since I do not want to destroy the register users where they store the name and emails in login system and have to start over again to register new ones.
I got good idea how to solve this: creating a new password column in database. So, I made the flowchart diagram to solve this problem in WPSDAA user interface. Here how it works:
Last Saturday January 22nd I spend all night fixing, debugging and testing the login system includes register, change password, forgot password, and log in to see if it works. It worked really well.
Also in MySQL function, I have used new Encryption Function, to avoid using PASSWORD() function which was used before Wednesday, January 19th. Please note to yourself, this new encryption function for administrator may not see the users’ password, they only see the encryption password, instead users’ words, there is no way to decrypt (or change) this back to normal password. It is safe to prevent the hackers, also bring the users to show our honest and trust. The function code remains confident only for me.
However, few days later, I spend some of my time reading MySQL developer’s reference manual web site about Encryption Function, and I found answer that I could restore the old password in WPSDAA web site login system:
I could do that, but I pefer to use new encrypted password for application user just like login system in WPSDAA web site. Amazing, I worked harder, not surrender myself to bring WPSDAA web site much alive.
...the --old-passwords option is to allow you to maintain backward compatibility with pre-4.1 clients under circumstances where the server would otherwise generate long password hashes.