I am working on an old PHP app and the passwords of the users are hashed with the md5()
function. So the passwords are stored like:
c0c92dd7cc524a1eb55ffeb8311dd73f
I am developing a new app with Laravel 4 and I need suggestions on how to migrate the users
table without losing the password field.
Lose the password field as fast as you can, but if you don't want to risk losing users, you can do something like this in your auth method:
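    // Normal path: the stored password is already a Laravel (bcrypt) hash.
    if (Auth::attempt(array('email' => Input::get('email'), 'password' => Input::get('password'))))
    {
        return Redirect::intended('dashboard');
    }
    else
    {
        // Fallback: the stored password is still a legacy md5 digest.
        $user = User::where('email', Input::get('email'))->first();

        // Strict comparison, so PHP does not apply numeric type juggling to the hex digests.
        if ($user && $user->password === md5(Input::get('password')))
        {
            // Re-hash with Hash::make() while the plain-text password is available.
            $user->password = Hash::make(Input::get('password'));
            $user->save();

            // Auth::login() expects the user model, not the e-mail address.
            Auth::login($user);

            return Redirect::intended('dashboard');
        }
    }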
This will basically change a password from md5 to Hash every time a user logs in.
But you really have to think about sending a link to all your users so they change their passwords.
EDIT:
To improve security even more, according to @martinstoeckli's comment, it would be better to:
Hash all your current md5 passwords:
    // One-off migration: wrap each stored md5 digest in a Laravel hash.
    foreach (User::all() as $user)
    {
        $user->password = Hash::make($user->password);
        $user->save();
    }
And then use an even cleaner method to update your passwords:
    $password = Input::get('password');
    $email = Input::get('email');

    // Users who have already been upgraded: the hash is Hash::make($password).
    if (Auth::attempt(array('email' => $email, 'password' => $password)))
    {
        return Redirect::intended('dashboard');
    }
    // Users not yet upgraded: the hash is Hash::make(md5($password)).
    elseif (Auth::attempt(array('email' => $email, 'password' => md5($password))))
    {
        $user = Auth::user();
        $user->password = Hash::make($password);
        $user->save();

        return Redirect::intended('dashboard');
    }
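
The wrap-then-upgrade migration from the answer above, as an added stand-alone example that is not part of the original answer. It uses PHP's native password_hash()/password_verify() (PHP 5.5+) in place of Laravel's Hash facade so it runs without the framework, and it assumes a hypothetical `legacy` column that records which scheme each row uses, so the stored MD5 string is never accepted as a password itself. The `$users` array and its values are constructed.

```php
<?php
// Added example: stand-alone sketch, not Laravel code. The $users array is a
// constructed stand-in for the users table; 'legacy' is a hypothetical column.
$users = array(
    'alice@example.com' => array('password' => md5('correct horse')),
);

// Step 1 (one-off): wrap every stored MD5 digest in bcrypt and mark the row.
function wrapLegacyHashes(array &$users)
{
    foreach ($users as &$row) {
        $row['password'] = password_hash($row['password'], PASSWORD_BCRYPT);
        $row['legacy']   = true;
    }
    unset($row);
}

// Step 2 (every login): verify against the scheme the row is marked with,
// then upgrade legacy rows to bcrypt(password) while the plaintext is available.
function login(array &$users, $email, $password)
{
    if (!isset($users[$email])) {
        return false;
    }
    $row = &$users[$email];
    // Legacy rows hold bcrypt(md5(password)), so the candidate is md5'd first.
    // Because the scheme comes from the flag, the old MD5 string on its own
    // does not verify as a password.
    $candidate = $row['legacy'] ? md5($password) : $password;
    if (!password_verify($candidate, $row['password'])) {
        return false;
    }
    if ($row['legacy'] || password_needs_rehash($row['password'], PASSWORD_BCRYPT)) {
        $row['password'] = password_hash($password, PASSWORD_BCRYPT);
        $row['legacy']   = false;
    }
    return true;
}

wrapLegacyHashes($users);
$legacyDigest = md5('correct horse');
var_dump(login($users, 'alice@example.com', $legacyDigest));    // old digest submitted as the password
var_dump(login($users, 'alice@example.com', 'wrong'));          // wrong password
var_dump(login($users, 'alice@example.com', 'correct horse'));  // correct password, upgrades the row
var_dump($users['alice@example.com']['legacy']);                // flag after the upgrade
var_dump(login($users, 'alice@example.com', 'correct horse'));  // verified as plain bcrypt
```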