问题
I am working on an old php app and the password of the users are hashed with the md5() function. So the passwords are stored like:
c0c92dd7cc524a1eb55ffeb8311dd73f
I am developing a new app with Laravel 4 and I need suggestions on how to migrate the users table without losing the password field.
回答1:
Lose the password field as fast as you can, but if you don't want risking to lose users, you can do something like this on your auth method:
if (Auth::attempt(array('email' => Input::get('email'), 'password' => Input::get('password'))))
{
return Redirect::intended('dashboard');
}
else
{
$user = User::where('email', Input::get('email'))->first();
if( $user && $user->password == md5(Input::get('password')) )
{
$user->password = Hash::make(Input::get('password'));
$user->save();
Auth::login($user->email);
return Redirect::intended('dashboard');
}
}
This will basically change a password from md5 to Hash every time a user logs in.
But you really have to think about sendind a link to all your users so they change their passwords.
EDIT:
To improve security even more, according to @martinstoeckli comment, would be better to:
Hash all your current md5 passwords:
foreach(Users::all() as $user)
{
$user->password = Hash::make($user->password);
$user->save();
}
And then use an even more cleaner method to update your passwords:
$password = Input::get('password');
$email = Input::get('email');
if (Auth::attempt(array('email' => $email, 'password' => $password)))
{
return Redirect::intended('dashboard');
}
else
if (Auth::attempt(array('email' => $email, 'password' => md5($password))))
{
Auth::user()->password = Hash::make($password);
Auth::user()->save();
return Redirect::intended('dashboard');
}
来源:https://stackoverflow.com/questions/19955793/migrating-users-table-with-hashed-password-from-old-php-app-to-new-laravel-app