Laravel Auth - 使用 md5 代替集成的 Hash::make()
所以,我正在为我的网站切换到 laravel.我的旧网站目前拥有大约 500 个用户.每个用户都有一个 md5 哈希作为密码 (duh ^^).
So, I'm switching over to laravel for my site. My old site currently holds around 500 users. Each user has a md5 hash attached to them, as the password (duh ^^).
当我切换到 laravel 时,我希望使用 Auth::attempt不幸的是,它使用自己的方法来散列密码字符串.我不希望我的所有用户都更改密码,因为我正在切换到 laravel,是否可以让 Auth 类使用 md5 代替,所以我的用户不必切换密码?:)
As I'm switching over to laravel, I wish to use the Auth::attempt unfortunately it uses its own method to hash password strings. I don't want all my users to change their password, because I'm switching to laravel, is it possible to make the Auth class use md5 instead, so my users don't have to switch password? :)
如果是,谁能告诉我怎么做?
If yes, can someone show me how?
推荐答案
MD5 已经过时了.我建议你不要试图保留它.相反,当用户第一次登录,并且 Auth::attempt
失败时,您应该尝试将他们的密码与数据库进行比较 MD5
MD5 is horribly outdated. I recommend that you don't try to keep it.
Instead, when a user first logs in, and Auth::attempt
fails, you should then try to compare their password to the database as MD5
$user = User::where('username', '=', Input::get('username'))->first();
if(isset($user)) {
if($user->password == md5(Input::get('password'))) { // If their password is still MD5
$user->password = Hash::make(Input::get('password')); // Convert to new format
$user->save();
Auth::login(Input::get('username'));
}
}
相关文章