Laravel Auth - use md5 instead of the integrated Hash::make()
MD5 is horribly outdated. I recommend that you don't try to keep it.
Instead, when a user first logs in, and Auth::attempt
fails, you should then try to compare their password to the database as MD5
$user = User::where('username', '=', Input::get('username'))->first();
if(isset($user)) {
if($user->password == md5(Input::get('password'))) { // If their password is still MD5
$user->password = Hash::make(Input::get('password')); // Convert to new format
$user->save();
Auth::login(Input::get('username'));
}
}
Jazerix
I'm a happy guy, studying computer science at the University of Southern Denmark. I feel most at home working with C# or PHP -> Laravel. Lately I've also taken an interest in Vue.js.
Updated on July 21, 2022Comments
-
Jazerix almost 2 years
So, I'm switching over to laravel for my site. My old site currently holds around 500 users. Each user has a md5 hash attached to them, as the password (duh ^^).
As I'm switching over to laravel, I wish to use the Auth::attempt unfortunately it uses its own method to hash password strings. I don't want all my users to change their password, because I'm switching to laravel, is it possible to make the Auth class use md5 instead, so my users don't have to switch password? :)
If yes, can someone show me how?
-
Jazerix over 10 yearsThank you, I will give it a try, and get back :)
-
fideloper over 10 yearsIt can't be over-stated enough: Don't use md5. This article has good information as to why.
-
Jazerix over 10 yearsWell, with the new system, I will force the users to enter their password again when they login, so I can change their password hash to the one laravel uses. I'm glad that I've learned this though ^^ Thanks
-
Jazerix over 10 yearsRead the article, using bcrypt makes a lot of sense, thanks! :D