
I converted my project to Laravel. I have existing data which stores password hashes. If I upload this project to my remote server, my customers cannot log in. They have to use the forgot password section.

But it is not good for my customers.

I want to use bcrypt for password hashing like in Laravel, but in my old system I used a different method. For full compatibility I don't want to change anything in the defaults of Laravel.

Maybe I can create a different column in the database and store new hashes for a month. For active users I can grab new hashes and convert my system.

But these are not good solutions. Do you have any ideas?

Moppo
Cihan Küsmez
  • Send an email to each user with a new password. There's no workaround for this, they'll have to get changed sooner or later. – Andrei Nov 20 '15 at 11:02
  • What algorithm did you use for your old hashes? Maybe this [answer](http://stackoverflow.com/a/14402451/575765) could give you an idea. – martinstoeckli Nov 20 '15 at 12:05

1 Answer


The way I've solved this is to create a table of the old hashes. Then, when the user logs in, I check if they still have an old hash. If they do, I try to use that with the old login algorithm, and if it succeeds, I use the password they supplied to set the new hash and remove the old one. If they don't have an old hash, I just log them in with the new algorithm.

Joel Hinz
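
The migrate-on-login flow described in the answer above, as an added example in plain PHP (not code from the answer's author or from Laravel). The salted SHA-256 legacy scheme, the function names and the in-memory arrays standing in for database tables are assumptions; `password_hash()` with `PASSWORD_BCRYPT` produces the bcrypt format that Laravel's default hasher uses.

```php
<?php
declare(strict_types=1);

// Assumption: the old system stored hex sha256(salt . password).
// Replace the body with whatever the old login code actually computed.
function legacyVerify(string $password, array $old): bool
{
    $candidate = hash('sha256', $old['salt'] . $password);
    return hash_equals($old['hash'], $candidate); // constant-time comparison
}

/**
 * $users:     user id => ['password' => bcrypt hash or null]
 * $oldHashes: user id => ['salt' => ..., 'hash' => ...] (the table of old hashes)
 * Both are hypothetical in-memory stand-ins for database tables.
 */
function attemptLogin(int $id, string $password, array &$users, array &$oldHashes): bool
{
    if (!isset($users[$id])) {
        return false;
    }
    if (isset($oldHashes[$id])) {
        if (!legacyVerify($password, $oldHashes[$id])) {
            return false; // wrong password: the legacy row stays untouched
        }
        // Correct password: store a bcrypt hash, then drop the legacy hash so
        // the weaker value no longer sits in the database.
        $users[$id]['password'] = password_hash($password, PASSWORD_BCRYPT);
        unset($oldHashes[$id]);
        return true;
    }
    // Already migrated (or a new account): bcrypt only.
    $hash = $users[$id]['password'];
    return $hash !== null && password_verify($password, $hash);
}

// Constructed sample data: user 1 has not logged in since the migration.
$users = [1 => ['password' => null]];
$oldHashes = [1 => ['salt' => 'a1b2', 'hash' => hash('sha256', 'a1b2' . 'correct horse')]];

var_dump(attemptLogin(1, 'wrong guess', $users, $oldHashes));   // failed attempt
var_dump(attemptLogin(1, 'correct horse', $users, $oldHashes)); // first good login migrates
var_dump(isset($oldHashes[1]));                                 // is a legacy row still present?
var_dump(attemptLogin(1, 'correct horse', $users, $oldHashes)); // later logins use bcrypt
```

Accounts that never log in again keep their legacy hash indefinitely, so the old-hash table still needs an expiry plan, such as a forced reset after a cutoff date.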