Answer the question
In order to leave comments, you need to log in
How to convert user base with passwords in md5 to hasher in Laravel?
Hello. There is an old site where user passwords are hashed using md5. The new site was written on the Laravel frame with the Sentinel module for working with users.
When transferring data, I encountered a password compatibility problem. The passwords themselves are in md5, and when registering new users, recovering the password and checking when entering the site, a different hashing algorithm (bcrypt) is used.
What are the options for migrating users?
PS There was an idea in the forehead: just regenerate passwords and send notifications to users, but this is somehow not humane in relation to users.
Answer the question
In order to leave comments, you need to log in
You can add a default null field for the new password hash.
At the time of successful authorization, you know the user's real password, so if the new password in the database is null, and the old hash matches, then save the new hash in a new field, and discard the field with the old password to null.
After a couple of months / six months / a year / choose_by_mood, cut out the code of the old hash and drop the column from the database. For everyone who wants to log in, but who has null instead of a password, write that you need to go through the password recovery procedure.
An active audience will not notice the change. Those who visit too infrequently will have to sacrifice and be forced to go through a longer procedure.
PS There was an idea in the forehead: just regenerate passwords and send notifications to users, but this is somehow not humane in relation to users.
The correct answer was given.
I will write bad.
Hash the hashes again with whatever you want.
When checking a password -> always convert to md5 first.
So you save passwords, though you have to code and think about where to stick so that md5 hashing works before hashing out of the box.
Middleware is probably the easiest way to hang up and make incoming md5 passwords, then start up further.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question