How to convert password from md5 to laravel encryption method

Question

I want to re-develop my existing project to laravel.

In my old system I store password into md5.

Now how can I convert it according to laravel hash method for existing user.

Is there any direct method to do it?

Answer 1

Is there any direct method to do it?

No there's no direct method, but you could achieve that by overriding postLogin inside Auth/AuthController.php so it will check if the password is in md5 format then recrypt it with laravel hashing method else the user will connect normally, like :

public function postLogin(Request $request)
{
    $this->validate($request, [
        'login' => 'required', 'password' => 'required',
    ]);
    $credentials = $this->getCredentials($request);

    //Get the user
    $user = User::where('login', $request->login)->first();

    //If Hached by bcrypt
    if (Auth::attempt($credentials, $request->has('remember'))) 
    {
        return redirect()->intended($this->redirectPath());
    }
    else //Else if Hached by md5
    {
        if( $user && $user->password == md5($request->password) )
        {
            $user->password = Hash::make($request->password);
            $user->save();

            if($user->authorized){
                $user->save();

                Auth::login($user);
            }else
                Auth::logout();
        }
    }

    return redirect($this->loginPath())
        ->withInput($request->only('login', 'remember'))
        ->withErrors([
            'login' => $this->getFailedLoginMessage(),
        ]);
}

Hope this helps.

Answer 2

Unfortunately no.

The only method to achieve it is to develop new behavior of your app (writen in laravel) that allows users to login using old, md5-hashed passwords, and then enforces password change or - because you can get users password during login process - store password using laravels hashing method by updating logged user model.

Answer 3

Only the user should change his password (as you can't see their password). So you should send a reset password link for them and then update the password with Laravel hash method.

Answer 4

Here is the simplest solution I found that works for Laravel 7

Source to where I discovered this: Laracasts Forum

The method I am currently using is a single column for password method. I have imported my old users into the database using the MD5 hashed passwords in the password column that is migrated with laravel. Then it converts that single value. I am using the default Auth UI provided with Laravel.

Same steps as others have mentioned open AuthenticatesUsers.php file and copy the login function into the LoginController.php

At the top of the file

add:

use Illuminate\Http\Request;
use App\User;

Then inside the login function include the method mentioned above:

// check the md5 password and change md5 to bcrypt if the user was found
        $user = User::where('email', $request->email)
                ->where('password',md5($request->password))
                ->first();
        if (!empty($user->id)) {
            $user->password = bcrypt($request->input('password'));
            $user->save();
        }

Final file:

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

use Illuminate\Http\Request;

use App\User;

class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    protected $redirectTo = RouteServiceProvider::HOME;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Handle a login request to the application.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        // check the md5 password and change md5 to bcrypt if the user was found
        $user = User::where('email', $request->email)
                ->where('password',md5($request->password))
                ->first();
        if (!empty($user->id)) {
            $user->password = bcrypt($request->input('password'));
            $user->save();
        }

        $this->validateLogin($request);

        // If the class is using the ThrottlesLogins trait, we can automatically throttle
        // the login attempts for this application. We'll key this by the username and
        // the IP address of the client making these requests into this application.
        if (method_exists($this, 'hasTooManyLoginAttempts') &&
            $this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            return $this->sendLockoutResponse($request);
        }

        if ($this->attemptLogin($request)) {
            return $this->sendLoginResponse($request);
        }

        // If the login attempt was unsuccessful we will increment the number of attempts
        // to login and redirect the user back to the login form. Of course, when this
        // user surpasses their maximum number of attempts they will get locked out.
        $this->incrementLoginAttempts($request);

        return $this->sendFailedLoginResponse($request);
    }
}