Migrating User Accounts: Passwords not working


as we have some 50+ users in our K2 system we are thinking of using/extending your script at https://getkirby.com/docs/cookbook/setup/migrate-users to migrate the users.

However, when I tried with my own account to manually copy the K2 password hash to the K3 .htaccess, the login did not work any more. Also, when I set my old password in K3 via the panel the generated hash in the K3 .htaccess was like 90% different from the hash in K2.

Do you have any hints what I’m doing wrong? It would be a great help if we could find a way to reuse the old user passwords from K2 in K3.


That is by design, the same string doesn’t generate the same hash. You. can try that yourself:

$password = "sometexthere";
echo password_hash($password, PASSWORD_DEFAULT);

Kirby. 3 requires. passwords. that are at least 8 characters. long. If. your Kirby 2 passwords. are. shorter, you can’t use. them. (Sorry. for the. dots, my. keyboard is messing everything up again)

My old password which I tried to copy is 8+ characters.

I’m just confused why the user migration script from the docs copies the password hash when the K2 hash obviously doesn’t work in K3. What’s the point of that?

Or am I doing something wrong?

We tested the script before publishing it. I’ll test again.

Sorry that it took a while.

I tested this again. Create 3 users in 2.5.12, moved the accounts folder to 3.2, created the missing user roles blueprints, removed the unnecessary files from the accounts folder so that only the account php files were left and executed the script.

I have no problem logging in with the newly created users. Have you made sure you created the user role files?

I did it this way:

  1. clean install of K3
  2. created a user in K3 panel
  3. login with new password worked fine
  4. copied the password hash from the old K2 install to the .htpasswd of the K3 user account
  5. Login did not work

Our original K2 site has been around for quite a while and started with early K2 version with several upgrades to the latest.

Could it be that password hashes created in earlier K2 versions are not compatible with K3? And is there any workaround for this?

-did you delete the session folder after that? And all caches?

This worked! Thanks for the hint!