我正在开发一个旧的
PHP应用程序,并使用md5()函数对用户的密码进行哈希处理.所以密码存储如下:
c0c92dd7cc524a1eb55ffeb8311dd73f
我正在使用Laravel 4开发一个新的应用程序,我需要有关如何迁移users表而不丢失密码字段的建议.
尽可能快地丢失密码字段,但如果您不想冒失去用户的风险,可以在auth方法上执行以下操作:
if (Auth::attempt(array('email' => Input::get('email'),'password' => Input::get('password')))) { return Redirect::intended('dashboard'); } else { $user = User::where('email',Input::get('email'))->first(); if( $user && $user->password == md5(Input::get('password')) ) { $user->password = Hash::make(Input::get('password')); $user->save(); Auth::login($user->email); return Redirect::intended('dashboard'); } }
但是你必须考虑sendind链接到所有用户,以便他们更改密码.
编辑:
为了进一步提高安全性,根据@martinstoeckli评论,最好是:
哈希所有当前的md5密码:
foreach(Users::all() as $user) { $user->password = Hash::make($user->password); $user->save(); }
然后使用更简洁的方法来更新密码:
$password = Input::get('password'); $email = Input::get('email'); if (Auth::attempt(array('email' => $email,'password' => $password))) { return Redirect::intended('dashboard'); } else if (Auth::attempt(array('email' => $email,'password' => md5($password)))) { Auth::user()->password = Hash::make($password); Auth::user()->save(); return Redirect::intended('dashboard'); }