Migrating users table with hashed password from old php app to new laravel app

I am working on an old PHP app, and the users' passwords are hashed with the md5() function. So the passwords are stored like:

c0c92dd7cc524a1eb55ffeb8311dd73f

I am developing a new app with Laravel 4 and I need suggestions on how to migrate the users table without losing the password field.

cawecoy asked Nov 13 '13 14:11


1 Answer

Lose the password field as fast as you can, but if you don't want to risk losing users, you can do something like this in your auth method:

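if (Auth::attempt(array('email' => Input::get('email'), 'password' => Input::get('password'))))
{
    return Redirect::intended('dashboard');
}
else
{
    // Bcrypt check failed: fall back to the legacy MD5 digest stored by the old app.
    $user = User::where('email', Input::get('email'))->first();

    // Strict comparison, so two digests of the form "0e<digits>" are not compared as numbers.
    if( $user && $user->password === md5(Input::get('password')) )
    {
        // Replace the MD5 digest with a bcrypt hash of the password just supplied.
        $user->password = Hash::make(Input::get('password'));

        $user->save();

        // Auth::login() expects the user model, not the e-mail address.
        Auth::login($user);

        return Redirect::intended('dashboard');
    }

}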

This will basically change a password from md5 to Hash every time a user logs in.

But you really have to think about sending a link to all your users so they change their passwords.

EDIT:

To improve security even more, according to @martinstoeckli's comment, it would be better to:

Hash all your current md5 passwords:

// Run once: wraps each stored MD5 digest in bcrypt, i.e. bcrypt(md5(password)).
foreach(User::all() as $user)
{
    $user->password = Hash::make($user->password);

    $user->save();
}

And then use an even cleaner method to update your passwords:

$password = Input::get('password');
$email = Input::get('email');

// Rows already upgraded: the stored value is bcrypt(password).
if (Auth::attempt(array('email' => $email, 'password' => $password)))
{
    return Redirect::intended('dashboard');
}
// Rows not yet upgraded: the stored value is bcrypt(md5(password)).
elseif (Auth::attempt(array('email' => $email, 'password' => md5($password))))
{
    Auth::user()->password = Hash::make($password);

    Auth::user()->save();

    return Redirect::intended('dashboard');
}
Antonio Carlos Ribeiro answered Nov 09 '22 17:11
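The wrap-then-upgrade scheme from the EDIT above, as an added example that is not part of the original answer. It uses PHP's built-in `password_hash()`/`password_verify()` in place of Laravel's `Hash` facade and goes one step further than the answer by marking wrapped rows, so a legacy row accepts only `md5(input)` and the old digest string itself never works as a password. The `legacy` column, the function names and the sample row are assumptions made for this example.

```php
<?php
// Added example: in-memory row stands in for the users table; `legacy` is a hypothetical column.

// One-time migration step: wrap the stored MD5 hex digest in bcrypt and mark the row.
function wrapLegacyRow(array $row)
{
    if (!empty($row['legacy']) || !preg_match('/^[0-9a-f]{32}$/', $row['password'])) {
        return $row; // already wrapped, or not an MD5 digest: never wrap twice
    }
    $row['password'] = password_hash($row['password'], PASSWORD_BCRYPT);
    $row['legacy'] = true;
    return $row;
}

// Login check: returns array($ok, $row); on success a legacy row is upgraded in $row.
function verifyAndUpgrade(array $row, $plain)
{
    // Legacy rows hold bcrypt(md5(password)), so only md5(input) is ever tested against them.
    $candidate = !empty($row['legacy']) ? md5($plain) : $plain;
    if (!password_verify($candidate, $row['password'])) {
        return array(false, $row);
    }
    // The plaintext is known only at this point, so this is where MD5 leaves the chain.
    if (!empty($row['legacy']) || password_needs_rehash($row['password'], PASSWORD_BCRYPT)) {
        $row['password'] = password_hash($plain, PASSWORD_BCRYPT);
        $row['legacy'] = false;
    }
    return array(true, $row);
}

// Constructed sample row: what the old app would have stored for the sample password "hunter2".
$row = array('email' => 'alice@example.test', 'password' => md5('hunter2'), 'legacy' => false);
$row = wrapLegacyRow($row);

list($wrong, $row)    = verifyAndUpgrade($row, 'wrong-password');
list($digest, $row)   = verifyAndUpgrade($row, md5('hunter2')); // old digest submitted as password
list($first, $row)    = verifyAndUpgrade($row, 'hunter2');      // correct password, row upgraded
list($upgraded, $row) = verifyAndUpgrade($row, 'hunter2');      // verified as plain bcrypt

var_dump($wrong, $digest, $first, $upgraded, $row['legacy']);
```

In a real migration the row would be a `User` model and the upgraded hash would be saved inside the same request that verified the password.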