Menu
So, I'm switching over to laravel for my site. My old site currently holds around 500 users. Each user has a md5 hash attached to them, as the password (duh ^^).
As I'm switching over to laravel, I wish to use the Auth::attempt unfortunately it uses its own method to hash password strings. I don't want all my users to change their password, because I'm switching to laravel, is it possible to make the Auth class use md5 instead, so my users don't have to switch password? :)
If yes, can someone show me how?
673
Definition and Usage The md5() function uses the RSA Data Security, Inc. MD5 Message-Digest Algorithm. From RFC 1321 - The MD5 Message-Digest Algorithm: "The MD5 message-digest algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.
Just run php artisan make:auth and php artisan migrate in a fresh Laravel application. Then, navigate your browser to http://your-app.test/register or any other URL that is assigned to your application. These two commands will take care of scaffolding your entire authentication system!
The PHP function MD5() is secure. But using MD5() for hashing passwords is not secure. Hackers have created rainbow tables which are MD5 hashes of all passwords up to 12 characters in length.
MD5 is horribly outdated. I recommend that you don't try to keep it.
Instead, when a user first logs in, and Auth::attempt fails, you should then try to compare their password to the database as MD5
$user = User::where('username', '=', Input::get('username'))->first();
if(isset($user)) {
if($user->password == md5(Input::get('password'))) { // If their password is still MD5
$user->password = Hash::make(Input::get('password')); // Convert to new format
$user->save();
Auth::login(Input::get('username'));
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
