将password_hash更改为bcrypt [英] Change password_hash to bcrypt

问题描述

我接受了一个旧项目，并开始与Laravel再次进行开发，但是我正在为已经在数据库中注册的使用权用户苦苦挣扎.

I took an old project and started to develop it again with Laravel but I am struggling with the usuers already registered on the database.

我相信他们使用

password_hash(''，PASSWORD_DEFAULT)方法

password_hash(' ', PASSWORD_DEFAULT) method

但是我认为Laravel使用了

but I think Laravel uses the

Bcrypt()

Bcrypt()

所以我无法使用这些凭据登录.有什么办法可以更改加密?

So I can't log in using those credentials. Is there any way I can change the encryption?

我不想让用户更改密码或其他任何内容

I don't want to ask the users to change the password or anything

推荐答案

阅读很好的手册揭示了 PASSWORD_BCRYPT 方法:

password_hash("thepassword", PASSWORD_BCRYPT);

如果他们已有密码，则无论使用何种方式对密码进行哈希处理，都可以使用 password_verify()确认密码.

If they have an existing password you can use password_verify() to confirm the password, no matter how it was hashed.

您可以将用户的密码哈希转换为新的密码哈希，但只能在用户登录时进行.您将需要添加另一列来保存新密码，然后在他们登录时检查现有密码(如果可能，请进行验证)，并在新列中输入空白.如果新列不为空，则将其与 password_verify()进行比较.如果为空，请使用显示的方法对新密码进行哈希处理.

You can convert the user's to new password hashes, but only when they login. You will need to add another column to hold the new password, then when they login, check for an existing password (verify if possible) and a blank one in the new column. If the new column is not blank, compare to that with password_verify(). If it is blank, hash the new password with the method shown.

最终，每个人​​都将在登录时更改其哈希方法，但是您将需要做一些工作才能使代码的形状足以安全可靠地执行转换.

Ultimately everyone will get their hashing methid changed as they log in, but it will take some work on your part to get the code in shape enough top perform the conversion safely and securely.

这篇关于将password_hash更改为bcrypt的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！