Changing Laravel 5.4 password encryption and table column names
Solution 1
I would make custom user provider php artisan make:provider CustomUserProvider
:
<?php
namespace App\Providers;
use Illuminate\Auth\EloquentUserProvider;
use Illuminate\Contracts\Auth\Authenticatable as UserContract;
class CustomUserProvider extends EloquentUserProvider {
/**
* Validate a user against the given credentials.
*
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @param array $credentials
* @return bool
*/
public function validateCredentials(UserContract $user, array $credentials)
{
$plain = $credentials['password']; // will depend on the name of the input on the login form
$hashedValue = $user->getAuthPassword();
if ($this->hasher->needsRehash($hashedValue) && $hashedValue === md5($plain)) {
$user->passwordnew_enc = bcrypt($plain);
$user->save();
}
return $this->hasher->check($plain, $user->getAuthPassword());
}
}
This way if the password exists using md5 it will allow it to work once and then rehash it.
You will register the CustomUserProvider
in App\Providers\AuthServiceProvider boot()
as follows:
$this->app['auth']->provider('custom', function ($app, array $config) {
$model = $app['config']['auth.providers.users.model'];
return new CustomUserProvider($app['hash'], $model);
});
Edit your config/auth.php
'providers' => [
'users' => [
'driver' => 'custom',
'model' => App\User::class,
],
],
You will also need to add the following as mentioned previously...
app\Http\Controllers\Auth\LoginController.php
public function username()
{
return 'memberid';
}
app\User.php
public function getAuthIdentifierName()
{
return 'memberid';
}
public function getAuthIdentifier()
{
return $this->memberid;
}
public function getAuthPassword()
{
return $this->passwordnew_enc;
}
Solution 2
Alright I got it
app\User.php
public function setPasswordAttribute($value)
{
$this->attributes['password'] = md5($value);
}
public function getAuthPassword()
{
return $this->passwordnew_enc;
}
public function getAuthIdentifierName()
{
return 'memberid';
}
app\Http\Controllers\Auth\LoginController.php
public function username()
{
return 'memb___id';
}
config\app.php
// Illuminate\Hashing\HashServiceProvider::class,
App\Providers\MD5HashServiceProvider::class,
app\Providers\MD5HashServiceProvider.php
<?php namespace App\Providers;
use Illuminate\Support\ServiceProvider;
class MD5HashServiceProvider extends ServiceProvider
{
/**
* Indicates if loading of the provider is deferred.
*
* @var bool
*/
protected $defer = true;
/**
* Register the service provider.
*
* @return void
*/
public function register()
{
$this->app->singleton('hash', function () {
return new \MD5Hasher;
});
}
/**
* Get the services provided by the provider.
*
* @return array
*/
public function provides()
{
return ['hash'];
}
}
lib\MD5Hasher\MD5Hasher.php
<?php
class MD5Hasher implements Illuminate\Contracts\Hashing\Hasher
{
/**
* Hash the given value.
*
* @param string $value
* @return array $options
* @return string
*/
public function make($value, array $options = array())
{
return md5($value); //hash('md5', $value);
}
/**
* Check the given plain value against a hash.
*
* @param string $value
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function check($value, $hashedValue, array $options = array())
{
return $this->make($value) === $hashedValue;
}
/**
* Check if the given hash has been hashed using the given options.
*
* @param string $hashedValue
* @param array $options
* @return bool
*/
public function needsRehash($hashedValue, array $options = array())
{
return false;
}
}
composer.json
...
"autoload": {
"classmap": [
...
"app/Lib"
],
...
Solution 3
upful's code worked for me (in Laravel 5.4)
But I needed to add:
use Illuminate\Contracts\Auth\Authenticatable as UserContract;
in the CustomUserProvider
class.
dev
Updated on June 22, 2022Comments
-
dev almost 2 years
I am trying to integrate the auth in laravel 5.4 within an existing database where the user and password fields have other names (
memberid
,passwordnew_enc
). With the bellow changes and forcing thecreate
function inRegisterController
to use MD5 I managed to make the registration work. It also logins fine after registration. However the actual login form returns:These credentials do not match our records.
So far I have changed the
User.php
public function getAuthPassword() { return $this->passwordnew_enc; }
and
public function setPasswordAttribute($value) { $this->attributes['password'] = md5($value); }
Also on
LoginController.php
public function username() { return 'memberid'; }
Did I miss something ?
I only need to change the two column names to fit and the password encryption from bcrypt to md5
-
zaph about 7 yearsThere is so little reason to MD5 or just hash passwords, might as well just save them as plain text. MD5 falls to lookup in a rainbow table. See List of Rainbow Tables and crackstation.net.
-
Sunny Techo almost 7 yearsIn laravel 5.4, I'm facing issue, if you use exact copy of "CustomUserProvider" then it will not work properly you must have to implement all functions of "UserProvider" interface.
-
upful almost 7 years@SunnyTecho: I'm not sure what you mean... the
CustomUserProvider
is extending theEloquentUserProvider
so why would you need to implement all methods ofUserProvider
when theEloquentUserProvider
already does this? -
JCarlosR about 6 yearsProbably MD5 is not so good. But the idea about using a custom HashServiceProvider helped me. You don't deserve that -1, so I am removing it.
-
Muhaimin CS over 5 yearsi'm still using this in laravel 5.7