将旧的php应用程序的散列密码迁移到新的laravel应用程序 [英] Migrating users table with hashed password from old php app to new laravel app

问题描述

我正在处理一个旧的php应用程序，并且用户的密码与md5（）函数进行散列处理。因此，密码存储为：

  c0c92dd7cc524a1eb55ffeb8311dd73f 
  

我正在开发一个Laravel 4的新应用程序，我需要关于如何在不丢失密码字段的情况下迁移用户表的建议。 解决方案

尽可能快地将密码字段放在密码字段中，但是如果您不希望冒失去用户的风险，则可以在auth方法中执行类似操作：

  if（Auth :: attempt（array（'email'=> Input :: get（'email'），'password'=> ; Input :: get（'password'））））
 {
 return Redirect :: intended（'dashboard'）; 
} 
 else 
 {
 $ user = User :: where（'email'，Input :: get（'email'）） - > first（）; 
 
 if（$ user&& $ user-> password == md5（Input :: get（'password'）））
 {
 $ user-> ; password = Hash :: make（Input :: get（'password'））; 
 
 $ user-> save（）; 
 
 Auth :: login（$ user-> email）; 
 
返回重定向::打算（'仪表板'）; 
} 
 
} 
  

这将从根本上改变密码每次用户登录时，md5都会被哈希。

但是，您必须考虑sendind链接到所有用户，以便他们更改密码。 b
$ b

编辑： 为了提高安全性，根据@martinstoeckli 评论，将会更好：

散列所有当前的md5密码：

  foreach（Users :: all（）as $ user）
 {
 $ user-> password = Hash ::使（$用户>密码）; 
 
 $ user-> save（）; 
} 
  

然后使用更清晰的方法更新您的密码：

  $ password = Input :: get（'password'）; 
 $ email = Input :: get（'email'）; 
 
如果（Auth :: attempt（array（'email'=> $ email，'password'=> $ password）））
 {
 return Redirect ::意图（ '仪表盘'）; 
 
 
 if（Auth :: attempt（array（'email'=> $ email，'password'=> md5（$ password）））
 {
 Auth :: user（） - > password = Hash :: make（$ password）; 
 
 Auth :: user（） - > save（）; 
 
返回重定向::打算（'仪表板'）; 
} 
  

I am working on an old php app and the password of the users are hashed with the md5() function. So the passwords are stored like:

c0c92dd7cc524a1eb55ffeb8311dd73f

I am developing a new app with Laravel 4 and I need suggestions on how to migrate the users table without loosing the password field.

解决方案

Loose it the password field as fast as you can, but if you don't want risking to loose users, you can do something like this on your auth method:

if (Auth::attempt(array('email' => Input::get('email'), 'password' => Input::get('password'))))
{
    return Redirect::intended('dashboard');
}
else
{
    $user = User::where('email', Input::get('email'))->first();

    if( $user && $user->password == md5(Input::get('password')) )
    {
        $user->password = Hash::make(Input::get('password'));

        $user->save();

        Auth::login($user->email);

        return Redirect::intended('dashboard');
    }

}

This will basically change a password from md5 to Hash every time a user logs in.

But you really have to think about sendind a link to all your users so they change their passwords.

EDIT:

To improve security even more, according to @martinstoeckli comment, would be better to:

Hash all your current md5 passwords:

foreach(Users::all() as $user)
{
    $user->password = Hash::make($user->password);

    $user->save();
}

And then use an even more cleaner method to update your passwords:

$password = Input::get('password');
$email = Input::get('email');

if (Auth::attempt(array('email' => $email, 'password' => $password)))
{
    return Redirect::intended('dashboard');
}
else
if (Auth::attempt(array('email' => $email, 'password' => md5($password))))
{
    Auth::user()->password = Hash::make($password);

    Auth::user()->save();

    return Redirect::intended('dashboard');
}

这篇关于将旧的php应用程序的散列密码迁移到新的laravel应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！