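How to convert passwords from md5 to Laravel's hashing method

Time: 2016-12-14 12:11:47

Tags: laravel encryption laravel-5 md5 password-encryption

I want to redevelop my existing project in Laravel.

In my old system, I stored passwords as md5 hashes.

Now, how can I convert them to the Laravel hashing method for existing users?

Is there any direct way to do it?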

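4 answers:

Answer 0: (score: 6)

Is there any direct way to do it?

No, there is no direct way, but you can achieve this by overriding postLogin inside Auth/AuthController.php so that it checks whether the password is in md5 format and then rehashes it with the Laravel hashing method; otherwise the user will connect normally, like: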

// Needs in Auth/AuthController.php: use Auth; use Hash; use App\User; use Illuminate\Http\Request;
public function postLogin(Request $request)
{
    $this->validate($request, [
        'login' => 'required', 'password' => 'required',
    ]);
    $credentials = $this->getCredentials($request);

    // Get the user
    $user = User::where('login', $request->login)->first();

    // If hashed by bcrypt
    if (Auth::attempt($credentials, $request->has('remember')))
    {
        return redirect()->intended($this->redirectPath());
    }
    else // Else if hashed by md5
    {
        // hash_equals() compares strictly; == would treat "0e..." digests as equal numbers
        if( $user && hash_equals((string) $user->password, md5($request->password)) )
        {
            // Replace the stored md5 value with a Laravel hash
            $user->password = Hash::make($request->password);
            $user->save();

            if($user->authorized){
                Auth::login($user);

                // Login succeeded: do not fall through to the failure redirect
                return redirect()->intended($this->redirectPath());
            }else
                Auth::logout();
        }
    }

    return redirect($this->loginPath())
        ->withInput($request->only('login', 'remember'))
        ->withErrors([
            'login' => $this->getFailedLoginMessage(),
        ]);
}

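Hope this helps.

Answer 1: (score: 3)

Unfortunately, no.

The only way to achieve it is to develop new behaviour in your app (written in Laravel) that allows users to log in using the old md5-hashed password, and then either enforce a password change or, because you can get the user's password during the login process, store the password using Laravel's hashing method by updating the logged-in user's model.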
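As an added example (not part of the original answers), here is the verify-then-rehash flow described above as framework-free PHP that runs on a constructed user record. The record layout and the function names `isLegacyMd5` and `verifyAndUpgrade` are assumptions for illustration; `password_hash` with `PASSWORD_BCRYPT` is what Laravel's default bcrypt hasher calls, so the upgraded value is one `Hash::check` accepts.

```php
<?php
// Added example: verify a legacy md5 digest at login, then rehash with bcrypt.
// The record layout and function names are assumptions, not Laravel APIs.

/** True when the stored value looks like an unsalted hex md5 digest. */
function isLegacyMd5(string $stored): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/i', $stored) === 1;
}

/** Verify $password against $user['password']; upgrade the stored hash on success. */
function verifyAndUpgrade(array &$user, string $password): bool
{
    $stored = $user['password'];

    if (isLegacyMd5($stored)) {
        // Strict, constant-time comparison (== would treat "0e..." digests as numbers).
        if (!hash_equals(strtolower($stored), md5($password))) {
            return false;
        }
        // The plaintext is only available during login, so rehash right away.
        $user['password'] = password_hash($password, PASSWORD_BCRYPT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Also refresh bcrypt hashes that were created with an older cost setting.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        $user['password'] = password_hash($password, PASSWORD_BCRYPT);
    }
    return true;
}

// Constructed sample record: an imported account still holding an md5 digest.
$user = ['login' => 'alice', 'password' => md5('correct horse')];

var_dump(verifyAndUpgrade($user, 'wrong guess'));   // wrong password, record unchanged
var_dump(verifyAndUpgrade($user, 'correct horse')); // legacy path, record upgraded
var_dump(isLegacyMd5($user['password']));           // stored value is no longer md5
var_dump(verifyAndUpgrade($user, 'correct horse')); // bcrypt path on the next login
```

Accounts that never log in again keep their md5 digest, which is the case the password-reset approach covers.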

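Answer 2: (score: 0)

Only the user should change their password (since you cannot see their password). So you should send them a reset-password link and then update the password with the Laravel hashing method.

Answer 3: (score: 0)

This is the easiest solution I have found that works for Laravel 7.

Source where I found it: Laracasts Forum

The approach I am currently using has a single column for the password. I imported my old users into the database with their MD5-hashed passwords in the password column that comes with the Laravel migration. It then converts that single value. I am using the default Auth UI provided by Laravel.

The steps are the same as in the others: open the AuthenticatesUsers.php file and copy the login function into LoginController.php

At the top of the file

add: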

use Illuminate\Http\Request;
use App\User;

Then include the method mentioned above in the login function:

// check the md5 password and change md5 to bcrypt if the user was found
        $user = User::where('email', $request->email)
                ->where('password',md5($request->password))
                ->first();
        if (!empty($user->id)) {
            $user->password = bcrypt($request->input('password'));
            $user->save();
        }

Final file:

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

use Illuminate\Http\Request;

use App\User;

class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    protected $redirectTo = RouteServiceProvider::HOME;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Handle a login request to the application.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        // Validate first so email and password are known to be strings
        $this->validateLogin($request);

        // check the md5 password and change md5 to bcrypt if the user was found
        $user = User::where('email', $request->email)
                ->where('password',md5($request->password))
                ->first();
        if (!empty($user->id)) {
            $user->password = bcrypt($request->input('password'));
            $user->save();
        }

        // If the class is using the ThrottlesLogins trait, we can automatically throttle
        // the login attempts for this application. We'll key this by the username and
        // the IP address of the client making these requests into this application.
        if (method_exists($this, 'hasTooManyLoginAttempts') &&
            $this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            return $this->sendLockoutResponse($request);
        }

        if ($this->attemptLogin($request)) {
            return $this->sendLoginResponse($request);
        }

        // If the login attempt was unsuccessful we will increment the number of attempts
        // to login and redirect the user back to the login form. Of course, when this
        // user surpasses their maximum number of attempts they will get locked out.
        $this->incrementLoginAttempts($request);

        return $this->sendFailedLoginResponse($request);
    }
}