The string of hex digits you see in the configuration file is obtained starting from a "user:password" string, base64 encoding, then geting the MD5 hash.
In php:
Bye!

Mike,

I have discussed the whole user account thing with Aprelium in great detail. I have a number of sites that have 200+ user accounts which is simply not practical to maintain via the Abyss web panel.

They were VERY good at giving me the info I needed to manipulate the XML files, but the passwords continued to be a problem. They they wrote an executable for me that allowed me to pass a string and get a properly encrypted password back.

So, I would suggest contacting them and seeing what they can offer you as a stop-gap to the next release. I don't have any idea when it will be, but one of the major improvements in version 3.0 is a rewritten user database and site configuration method. My guess is that they'd have 3.0 ready this year, but I'm not "in the know" about that one.

?
It's actually very straight forward, like I posted above.

Let's say you have a user "joebyrne" with password "christian".

You start from a string like: "joebyrne:christian"
Then base64-encode it and get: "am9lYnlybmU6Y2hyaXN0aWFu"
Then get its MD5 hash: "b71b4d19bd39709cace269d39e81c169"

That's the string that endup in the .conf file.
Parsing the XML file and replacing the passwords is a quick job.
Even simpler, the XML parsing step can be safely bypassed tout court.

Bye!

Yup, it sure it. I pass my info to the app Aprilum provided, I get a working password back.

Yes, I saw your posts on Aprelium's forum.
Don't know what kind of problems you encountered, but I tried the firsts implementations of a Base64 encoding and MD5 digest I found here in the forum and/or on PBCrypto and got the right hashes.

So, Mike, going back to your message, I think you'll not have any problems doing a mass passwords change, if you ever need it.

Bye!