Laravel
AleDv, 2016-08-30 11:00:25

How to convert a user base with md5 passwords to the hasher in Laravel?

Hello. There is an old site where user passwords are hashed using md5. The new site was written on the Laravel framework with the Sentinel module for working with users.
When transferring the data, I ran into a password compatibility problem. The passwords themselves are in md5, while registering new users, recovering a password and checking it at login all use a different hashing algorithm (bcrypt).
What are the options for migrating users?
P.S. There was a head-on idea: just regenerate the passwords and send notifications to the users, but this is somehow not humane toward the users.

3 answer(s)
Melkij, 2016-08-30
@melkij

You can add a field, null by default, for the new password hash.
At the moment of successful authorization you know the user's real password, so if the new password in the database is null and the old hash matches, save the new hash in the new field and set the field with the old password to null.
After a couple of months / six months / a year / choose_by_mood, cut out the code for the old hash and drop the column from the database. For everyone who wants to log in but has null instead of a password, write that they need to go through the password recovery procedure.
The active audience will not notice the change. Those who visit too infrequently will have to be sacrificed and forced to go through a longer procedure.
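
The migrate-on-login flow from this answer in plain PHP, as an added example that is not part of the answers on this page or of Sentinel's code. It assumes the old site stored unsalted hex MD5; the column names `legacy_md5` and `password_hash`, the function name and the `$save` callback are hypothetical.

```php
<?php
// Added illustration. Column names legacy_md5 and password_hash are hypothetical.

/**
 * Check a login attempt and migrate the stored hash on success.
 * $user is the user's row; $save persists the changed columns.
 */
function loginAndMigrate(array $user, string $password, callable $save): bool
{
    // Migrated account: only the bcrypt hash is consulted.
    if ($user['password_hash'] !== null) {
        if (!password_verify($password, $user['password_hash'])) {
            return false;
        }
        // Re-hash if the default bcrypt cost has been raised since.
        if (password_needs_rehash($user['password_hash'], PASSWORD_BCRYPT)) {
            $save(['password_hash' => password_hash($password, PASSWORD_BCRYPT)]);
        }
        return true;
    }

    // Both columns null: the account must go through password recovery.
    if ($user['legacy_md5'] === null) {
        return false;
    }

    // Legacy account (assumed: unsalted hex MD5). Compare in constant time.
    if (!hash_equals(strtolower($user['legacy_md5']), md5($password))) {
        return false;
    }

    // The plaintext is known at this point: store bcrypt, null the MD5.
    $save([
        'password_hash' => password_hash($password, PASSWORD_BCRYPT),
        'legacy_md5'    => null,
    ]);
    return true;
}

// Constructed sample row and an in-memory stand-in for the database update.
$row  = ['password_hash' => null, 'legacy_md5' => md5('correct horse')];
$save = function (array $changes) use (&$row) { $row = array_merge($row, $changes); };

var_dump(loginAndMigrate($row, 'wrong guess', $save));   // rejected, row untouched
var_dump(loginAndMigrate($row, 'correct horse', $save)); // accepted via MD5, migrated
var_dump($row['legacy_md5'], strlen($row['password_hash'])); // MD5 gone, bcrypt stored
var_dump(loginAndMigrate($row, 'correct horse', $save)); // accepted via bcrypt
```

Until an account logs in, its unsalted MD5 hash stays in the database, so the cut-off date in the answer also bounds how long those hashes remain exposed to a database leak.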

D', 2016-08-30
@Denormalization

P.S. There was a head-on idea: just regenerate the passwords and send notifications to the users, but this is somehow not humane toward the users.

IMHO the best solution.
- Regenerate everything to random passwords, and set the "change_password" flag in the database.
At login, just show an error saying that the "Recover password" function has to be used.

Alexander Aksentiev, 2016-08-30
@Sanasol

The correct answer has already been given.
I'll write a bad one.
Hash the hashes again with whatever you want.
When checking a password -> always convert it to md5 first.
This way you keep the passwords, though you will have to write code and think about where to hook in so that the md5 hashing runs before the out-of-the-box hashing.
Middleware is probably the easiest place to hook in and md5 the incoming passwords, then pass them on.
