Updating Php website to laravel and all md5 passwords are broken

182 views Asked by At

i am upgrading my raw php website to laravel 7. all my users have their passwords stored in md5 encryption. now when i try to login any of those user account with correct password, it returns error with 'These credentials do not match our records.'. How can i check if my users have entered md5 password and update their password ? can someone help me with this?

1

There are 1 answers

0
Ezequiel Fernandez On

Yes, that is correct, Laravel uses different encryption for passwords.

Hash::make($password)

here the one they use

https://en.wikipedia.org/wiki/Bcrypt

The best way to do that is to ask your users to set a new password.


Other dirty way would be to have a column with those old md5 passwords and check it in AuthController if correct, then create the new password using the reques parameter and tick in somewhere password_updated=1 or something like that.