I am working on an old PHP app and the passwords of the users are hashed with the md5()
function. So the passwords are stored like:
c0c92dd7cc524a1eb55ffeb8311dd73f
I am developing a new app with Laravel 4 and I need suggestions on how to migrate the users
table without losing the password field.
From Laravel 5 onward, you can use the bcrypt() function to hash a plaintext. So, you can save that hashed password in DB and then, compare the hashed password again to match.
    $save_password = bcrypt('plain_text_password');
    $check_password = bcrypt('provided_password_while_login_request');
And then, compare these two.
You can't, because in Laravel we are hashing the password.
The Laravel Hash facade provides secure Bcrypt hashing for storing user passwords. If you are using the AuthController controller that is included with your Laravel application, it will take care of verifying the Bcrypt password against the un-hashed version provided by the user.
Lose the password field as fast as you can, but if you don't want to risk losing users, you can do something like this in your auth method:
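    if (Auth::attempt(array('email' => Input::get('email'), 'password' => Input::get('password'))))
    {
        return Redirect::intended('dashboard');
    }
    else
    {
        // Bcrypt check failed: fall back to the legacy MD5 hash
        $user = User::where('email', Input::get('email'))->first();
        // Strict comparison, so hashes like "0e..." are not compared as numbers
        if( $user && $user->password === md5(Input::get('password')) )
        {
            // Re-hash the password with bcrypt and store it
            $user->password = Hash::make(Input::get('password'));
            $user->save();
            // Auth::login() expects the user model, not the e-mail
            Auth::login($user);
            return Redirect::intended('dashboard');
        }
    }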
This will basically change a password from md5 to Hash every time a user logs in.
But you really have to think about sending a link to all your users so they change their passwords.
EDIT:
To improve security even more, according to @martinstoeckli's comment, it would be better to:
Hash all your current md5 passwords:
    // Run once: wraps each stored MD5 hash in bcrypt
    foreach(User::all() as $user)
    {
        $user->password = Hash::make($user->password);
        $user->save();
    }
And then use an even cleaner method to update your passwords:
    $password = Input::get('password');
    $email = Input::get('email');
    // Already upgraded: the stored value is a bcrypt hash of the password
    if (Auth::attempt(array('email' => $email, 'password' => $password)))
    {
        return Redirect::intended('dashboard');
    }
    // Not upgraded yet: the stored value is a bcrypt hash of the old MD5 hash
    elseif (Auth::attempt(array('email' => $email, 'password' => md5($password))))
    {
        Auth::user()->password = Hash::make($password);
        Auth::user()->save();
        return Redirect::intended('dashboard');
    }
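The wrap-then-upgrade scheme from the EDIT above, as an added example that is not part of the original answer: it uses plain PHP password_hash()/password_verify() (PHP 5.5+) instead of Laravel's Hash facade, and a constructed in-memory array in place of the users table. The legacy_md5 flag and both function names are assumptions; the flag makes login check md5(input) only for rows that still hold a wrapped MD5 hash, so the old MD5 string itself is never accepted as a password.

```php
<?php
// Added example: plain PHP (>= 5.5) password_* functions, not Laravel's Hash facade.
// $users is a constructed in-memory stand-in for the users table;
// the 'legacy_md5' flag and both function names are hypothetical.

// Step 1: one-off migration. Wrap each stored MD5 hex digest in bcrypt and flag the row.
function wrapLegacyHashes(array &$users)
{
    foreach ($users as &$u) {
        if (preg_match('/^[0-9a-f]{32}$/', $u['password'])) {
            $u['password'] = password_hash($u['password'], PASSWORD_BCRYPT);
            $u['legacy_md5'] = true;
        }
    }
    unset($u); // drop the dangling reference left by foreach
}

// Step 2: login. Flagged rows are checked against md5(input) only, then upgraded.
function login(array &$users, $email, $password)
{
    if (!isset($users[$email])) {
        return false;
    }
    $u = &$users[$email];
    if (!empty($u['legacy_md5'])) {
        if (!password_verify(md5($password), $u['password'])) {
            return false;
        }
        // Correct password for a legacy row: store bcrypt(password) and clear the flag
        $u['password'] = password_hash($password, PASSWORD_BCRYPT);
        $u['legacy_md5'] = false;
        return true;
    }
    // Upgraded row: the stored value is a bcrypt hash of the password itself
    return password_verify($password, $u['password']);
}

// Constructed sample data: one legacy account whose password is "secret".
$users = array('alice@example.com' => array('password' => md5('secret'), 'legacy_md5' => false));
wrapLegacyHashes($users);

var_dump(login($users, 'alice@example.com', md5('secret'))); // the old MD5 string submitted as the password
var_dump(login($users, 'alice@example.com', 'secret'));      // the real password, first login after migration
var_dump($users['alice@example.com']['legacy_md5']);         // flag state after that login
var_dump(login($users, 'alice@example.com', 'secret'));      // later login, checked directly against bcrypt
```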