如何将密码从md5转换为laravel加密方式

How to convert password from md5 to laravel encryption method

我想将我现有的项目重新开发到 laravel。

在我的旧系统中,我将密码存储在 md5 中。

现在如何根据现有用户的 laravel 哈希方法转换它。

有什么直接的方法吗?

很遗憾没有。

实现它的唯一方法是开发您的应用程序的新行为(在 laravel 中编写),允许用户使用旧的、md5 哈希密码登录,然后强制更改密码,或者 - 因为您可以在登录过程中获取用户密码 - 通过更新登录的用户模型使用 laravels 哈希方法存储密码。

只有用户可以更改他的密码(因为您看不到他们的密码)。所以你应该为他们发送一个重置密码 link 然后用 Laravel 哈希方法更新密码。

Is there any direct method to do it?

不,没有直接的方法,但是您可以通过覆盖 Auth/AuthController.php 中的 postLogin 来实现,这样它将检查密码是否为 md5 格式,然后使用 laravel 哈希方法否则用户将正常连接,如:

public function postLogin(Request $request)
{
    $this->validate($request, [
        'login' => 'required', 'password' => 'required',
    ]);
    $credentials = $this->getCredentials($request);

    //Get the user
    $user = User::where('login', $request->login)->first();

    //If Hached by bcrypt
    if (Auth::attempt($credentials, $request->has('remember'))) 
    {
        return redirect()->intended($this->redirectPath());
    }
    else //Else if Hached by md5
    {
        if( $user && $user->password == md5($request->password) )
        {
            $user->password = Hash::make($request->password);
            $user->save();

            if($user->authorized){
                $user->save();

                Auth::login($user);
            }else
                Auth::logout();
        }
    }

    return redirect($this->loginPath())
        ->withInput($request->only('login', 'remember'))
        ->withErrors([
            'login' => $this->getFailedLoginMessage(),
        ]);
}

希望对您有所帮助。

这是我发现适用于 Laravel 7

的最简单的解决方案

来源到我发现这个的地方:Laracasts Forum

我目前使用的方法是单列密码方法。我已经使用 laravel 迁移的密码列中的 MD5 散列密码将我的旧用户导入到数据库中。然后它转换该单个值。我正在使用 Laravel.

提供的默认 Auth UI

与其他人提到的相同步骤打开 AuthenticatesUsers.php 文件并将登录功能复制到 LoginController.php

在文件的顶部

添加:

use Illuminate\Http\Request;
use App\User;

然后在登录函数里面包含上面提到的方法:

// check the md5 password and change md5 to bcrypt if the user was found
        $user = User::where('email', $request->email)
                ->where('password',md5($request->password))
                ->first();
        if (!empty($user->id)) {
            $user->password = bcrypt($request->input('password'));
            $user->save();
        }

最终文件:

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

use Illuminate\Http\Request;

use App\User;

class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    protected $redirectTo = RouteServiceProvider::HOME;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Handle a login request to the application.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        // check the md5 password and change md5 to bcrypt if the user was found
        $user = User::where('email', $request->email)
                ->where('password',md5($request->password))
                ->first();
        if (!empty($user->id)) {
            $user->password = bcrypt($request->input('password'));
            $user->save();
        }

        $this->validateLogin($request);

        // If the class is using the ThrottlesLogins trait, we can automatically throttle
        // the login attempts for this application. We'll key this by the username and
        // the IP address of the client making these requests into this application.
        if (method_exists($this, 'hasTooManyLoginAttempts') &&
            $this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            return $this->sendLockoutResponse($request);
        }

        if ($this->attemptLogin($request)) {
            return $this->sendLoginResponse($request);
        }

        // If the login attempt was unsuccessful we will increment the number of attempts
        // to login and redirect the user back to the login form. Of course, when this
        // user surpasses their maximum number of attempts they will get locked out.
        $this->incrementLoginAttempts($request);

        return $this->sendFailedLoginResponse($request);
    }
}