如何将密码从md5转换为laravel加密方式
How to convert password from md5 to laravel encryption method
我想将我现有的项目重新开发到 laravel。
在我的旧系统中,我将密码存储在 md5 中。
现在如何根据现有用户的 laravel 哈希方法转换它。
有什么直接的方法吗?
很遗憾没有。
实现它的唯一方法是开发您的应用程序的新行为(在 laravel 中编写),允许用户使用旧的、md5 哈希密码登录,然后强制更改密码,或者 - 因为您可以在登录过程中获取用户密码 - 通过更新登录的用户模型使用 laravels 哈希方法存储密码。
只有用户可以更改他的密码(因为您看不到他们的密码)。所以你应该为他们发送一个重置密码 link 然后用 Laravel 哈希方法更新密码。
Is there any direct method to do it?
不,没有直接的方法,但是您可以通过覆盖 Auth/AuthController.php
中的 postLogin
来实现,这样它将检查密码是否为 md5
格式,然后使用 laravel 哈希方法否则用户将正常连接,如:
public function postLogin(Request $request)
{
$this->validate($request, [
'login' => 'required', 'password' => 'required',
]);
$credentials = $this->getCredentials($request);
//Get the user
$user = User::where('login', $request->login)->first();
//If Hached by bcrypt
if (Auth::attempt($credentials, $request->has('remember')))
{
return redirect()->intended($this->redirectPath());
}
else //Else if Hached by md5
{
if( $user && $user->password == md5($request->password) )
{
$user->password = Hash::make($request->password);
$user->save();
if($user->authorized){
$user->save();
Auth::login($user);
}else
Auth::logout();
}
}
return redirect($this->loginPath())
->withInput($request->only('login', 'remember'))
->withErrors([
'login' => $this->getFailedLoginMessage(),
]);
}
希望对您有所帮助。
这是我发现适用于 Laravel 7
的最简单的解决方案
来源到我发现这个的地方:Laracasts Forum
我目前使用的方法是单列密码方法。我已经使用 laravel 迁移的密码列中的 MD5 散列密码将我的旧用户导入到数据库中。然后它转换该单个值。我正在使用 Laravel.
提供的默认 Auth UI
与其他人提到的相同步骤打开 AuthenticatesUsers.php 文件并将登录功能复制到 LoginController.php
在文件的顶部
添加:
use Illuminate\Http\Request;
use App\User;
然后在登录函数里面包含上面提到的方法:
// check the md5 password and change md5 to bcrypt if the user was found
$user = User::where('email', $request->email)
->where('password',md5($request->password))
->first();
if (!empty($user->id)) {
$user->password = bcrypt($request->input('password'));
$user->save();
}
最终文件:
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use App\User;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
/**
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function login(Request $request)
{
// check the md5 password and change md5 to bcrypt if the user was found
$user = User::where('email', $request->email)
->where('password',md5($request->password))
->first();
if (!empty($user->id)) {
$user->password = bcrypt($request->input('password'));
$user->save();
}
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this, 'hasTooManyLoginAttempts') &&
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
}
我想将我现有的项目重新开发到 laravel。
在我的旧系统中,我将密码存储在 md5 中。
现在如何根据现有用户的 laravel 哈希方法转换它。
有什么直接的方法吗?
很遗憾没有。
实现它的唯一方法是开发您的应用程序的新行为(在 laravel 中编写),允许用户使用旧的、md5 哈希密码登录,然后强制更改密码,或者 - 因为您可以在登录过程中获取用户密码 - 通过更新登录的用户模型使用 laravels 哈希方法存储密码。
只有用户可以更改他的密码(因为您看不到他们的密码)。所以你应该为他们发送一个重置密码 link 然后用 Laravel 哈希方法更新密码。
Is there any direct method to do it?
不,没有直接的方法,但是您可以通过覆盖 Auth/AuthController.php
中的 postLogin
来实现,这样它将检查密码是否为 md5
格式,然后使用 laravel 哈希方法否则用户将正常连接,如:
public function postLogin(Request $request)
{
$this->validate($request, [
'login' => 'required', 'password' => 'required',
]);
$credentials = $this->getCredentials($request);
//Get the user
$user = User::where('login', $request->login)->first();
//If Hached by bcrypt
if (Auth::attempt($credentials, $request->has('remember')))
{
return redirect()->intended($this->redirectPath());
}
else //Else if Hached by md5
{
if( $user && $user->password == md5($request->password) )
{
$user->password = Hash::make($request->password);
$user->save();
if($user->authorized){
$user->save();
Auth::login($user);
}else
Auth::logout();
}
}
return redirect($this->loginPath())
->withInput($request->only('login', 'remember'))
->withErrors([
'login' => $this->getFailedLoginMessage(),
]);
}
希望对您有所帮助。
这是我发现适用于 Laravel 7
的最简单的解决方案来源到我发现这个的地方:Laracasts Forum
我目前使用的方法是单列密码方法。我已经使用 laravel 迁移的密码列中的 MD5 散列密码将我的旧用户导入到数据库中。然后它转换该单个值。我正在使用 Laravel.
提供的默认 Auth UI与其他人提到的相同步骤打开 AuthenticatesUsers.php 文件并将登录功能复制到 LoginController.php
在文件的顶部
添加:
use Illuminate\Http\Request;
use App\User;
然后在登录函数里面包含上面提到的方法:
// check the md5 password and change md5 to bcrypt if the user was found
$user = User::where('email', $request->email)
->where('password',md5($request->password))
->first();
if (!empty($user->id)) {
$user->password = bcrypt($request->input('password'));
$user->save();
}
最终文件:
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use App\User;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
/**
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function login(Request $request)
{
// check the md5 password and change md5 to bcrypt if the user was found
$user = User::where('email', $request->email)
->where('password',md5($request->password))
->first();
if (!empty($user->id)) {
$user->password = bcrypt($request->input('password'));
$user->save();
}
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this, 'hasTooManyLoginAttempts') &&
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
}