PHPackages markup/fallback-password-encoder-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. markup/fallback-password-encoder-bundle ActiveSymfony-bundle markup/fallback-password-encoder-bundle ======================================= Bundle providing a password encoder stack for support of legacy user data. 1.0.3(8y ago)630.5k1MITPHP Since Oct 11Pushed 8y ago4 watchersCompare [ Source](https://github.com/usemarkup/FallbackPasswordEncoderBundle)[ Packagist](https://packagist.org/packages/markup/fallback-password-encoder-bundle)[ RSS](/packages/markup-fallback-password-encoder-bundle/feed)WikiDiscussions master Synced 2d ago READMEChangelogDependencies (4)Versions (5)Used By (0) MarkupFallbackPasswordEncoderBundle =================================== [](#markupfallbackpasswordencoderbundle) About ----- [](#about) This Symfony2 bundle offers a strategy to use for password encoding for use with the [friendsofsymfony/user-bundle](https://packagist.org/packages/friendsofsymfony/user-bundle) package (FOSUserBundle). It requires version >=2.3.6 of the Symfony Security component. The use case would be when there is legacy user data with passwords that are hashed using an algorithm that is easy to break, such as MD5. You'd like to [use bcrypt](http://codahale.com/how-to-safely-store-a-password/), but this means getting all users to reset their passwords. This bundle allows you to declare a stack of encoders, so that you can run a primary algorithm and a set of fallback algorithms at the same time. A user with a password hashed using the legacy algorithm will have the stored hash transparently updated to the new, more secure hash the next time they sign in. Current limitation: bundle does not currently work with Symfony framework encoders, as these are not declared as services. Disclaimer ---------- [](#disclaimer) The existence of this software should by no means be construed as condoning the strategy itself. It is far preferable to have all passwords in your system using the same, secure algorithm. However, you may judge that this strategy is the most pragmatic for your situation - typically when you do not wish to enforce password resetting on your user base. Installation ------------ [](#installation) Add MarkupFallbackPasswordEncoderBundle to your composer.json: ``` { "require": { "markup/fallback-password-encoder-bundle": "@dev" } } ``` Add MarkupFallbackPasswordEncoderBundle to your AppKernel.php: ``` public function registerBundles() { $bundles = array( ... new Markup\FallbackPasswordEncoderBundle\MarkupFallbackPasswordEncoderBundle(), ); ... } ``` Finally, install the bundle using Composer: ``` $ php composer.phar update markup/fallback-password-encoder-bundle ``` Usage ----- [](#usage) Configuration example: A service ID is declared as the primary encoder - this is the canonical encoder that passwords should be hashed with. You then define a stack of fallback encoders that are used to check passwords using legacy algorithms. Manipulators also need to be registered if you are not making use of the `fos_user.util.user_manipulator` service provided by FOSUserBundle. (This service will still be used as a fallback for users of a class that does not appear in the keys of this manipulators list.) ``` markup_fallback_password_encoder: encoders: primary: id: security.encoder.blowfish fallbacks: - id: my_legacy_compat.encoder.md5.saltless manipulators: My\Bundle\CustomerBundle\Entity\Customer: my_customer.util.manipulator My\Bundle\AdminUserBundle\Entity\AdminUser: my_admin_user.util.manipulator ``` In your security.yml file, you would then specify the fallback encoder as `markup_fallback_password_encoder`: ``` security: encoders: My\Bundle\CustomerBundle\Entity\Customer: id: markup_fallback_password_encoder My\Bundle\AdminUserBundle\Entity\AdminUser: id: markup_fallback_password_encoder ``` License ------- [](#license) Released under the MIT License. See LICENSE. [![Build Status](https://camo.githubusercontent.com/b4382f6fefc1c50d9073f63d3edf18b4fbac6f1e057d9a9211119f5c4121c7f9/68747470733a2f2f6170692e7472617669732d63692e6f72672f7573656d61726b75702f46616c6c6261636b50617373776f7264456e636f64657242756e646c652e706e673f6272616e63683d6d6173746572)](http://travis-ci.org/usemarkup/FallbackPasswordEncoderBundle) ### Health Score 35 — LowBetter than 79% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity27 Limited adoption so far Community13 Small or concentrated contributor base Maturity66 Established project with proven stability Bus Factor1 Top contributor holds 86.7% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~501 days Total 4 Last Release 3093d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/8c89b3982be4e6cd23e749f617e809147f98aca5f45bf24c3b5195598a4c4bfd?d=identicon)[calumbrodie](/maintainers/calumbrodie) ![](https://www.gravatar.com/avatar/67cf8ed88be79605642722cbc5902206c2e51adf755f70cfff04b2c7e5abc9ce?d=identicon)[shieldo](/maintainers/shieldo) --- Top Contributors [![shieldo](https://avatars.githubusercontent.com/u/97280?v=4)](https://github.com/shieldo "shieldo (13 commits)")[![calumbrodie](https://avatars.githubusercontent.com/u/459459?v=4)](https://github.com/calumbrodie "calumbrodie (2 commits)") --- Tags passwordbarcode ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/markup-fallback-password-encoder-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/markup-fallback-password-encoder-bundle/health.svg)](https://phpackages.com/packages/markup-fallback-password-encoder-bundle) ``` ### Alternatives [nette/utils 🛠 Nette Utils: lightweight utilities for string & array manipulation, image handling, safe JSON encoding/decoding, validation, slug or strong password generating etc. 2.1k394.3M1.5k](/packages/nette-utils)[ircmaxell/password-compat A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password\_hash 2.1k56.8M122](/packages/ircmaxell-password-compat)[symfony/password-hasher Provides password hashing utilities 813137.2M91](/packages/symfony-password-hasher)[picqer/php-barcode-generator An easy to use, non-bloated, barcode generator in PHP. Creates SVG, PNG, JPG and HTML images from the most used 1D barcode standards. 1.8k25.5M88](/packages/picqer-php-barcode-generator)[khanamiryan/qrcode-detector-decoder QR code decoder / reader 1.4k31.5M70](/packages/khanamiryan-qrcode-detector-decoder)[milon/barcode Barcode generator like Qr Code, PDF417, C39, C39+, C39E, C39E+, C93, S25, S25+, I25, I25+, C128, C128A, C128B, C128C, 2-Digits UPC-Based Extention, 5-Digits UPC-Based Extention, EAN 8, EAN 13, UPC-A, UPC-E, MSI (Variation of Plessey code) 1.5k13.3M39](/packages/milon-barcode) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)