发表新帖
发表新帖

Converting plain password in database to Laravel encrypted password

前端 未结
关注
2 1099
走了就别回头了
走了就别回头了 2021-01-27 11:00

I have a table called \"users\" where I have username and password from my users.

The passwords are in plain text. Now I\'ve created a new site with Laravel 6.0 and Auth

相关标签:
2条回答
  • 南笙
    2021-01-27 11:20

    You have to create a function to update your database passwords to encrypted passwords first.

    Something like this on web.php, and visit /password-updator on browser

    Route::get('/password_updator', function() {
 $allusers = \DB::table('users')->get();
 foreach($users as $user) {
  $user->password = bcrypt($user->password);
  $user->save();
}
});

    Make sure yo backup your database before you proceed!

    Or you create a new column called password_hashed first onn users table and update it to experiment.

    https://laravel.com/docs/5.4/helpers#method-bcrypt

    0 讨论(0)
  • 梦谈多话
    2021-01-27 11:37

    The Laravel Hash facade provides secure Bcrypt and Argon2 hashing for storing user passwords. 

    $password = Hash::make('plain-text-password');

    The bcrypt function hashes the given value using Bcrypt. You may use it as an alternative to the Hash facade:

    $password = bcrypt('plain-text-password');

    How can I get the "salt" from my Auth and also a tools to get the encrypted password from my plain password and "salt".

    Verifying A Password Against A Hash

    The check method allows you to verify that a given plain-text string corresponds to a given hash.

    if (Hash::check('plain-text-password', $hashedPassword)) {
    // The passwords match...
}

    Update

    You can use Command or make a route to change "plain-text" password for existing customers.

    Create command app/Console/Commands/ChangePassword.php

    <?php

namespace App\Console\Commands;

use App\User;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Hash;

class ChangePassword extends Command
{
    /**
     * The name and signature of the console command.
     *
     * @var string
     */
    protected $signature = 'change-password';

    /**
     * The console command description.
     *
     * @var string
     */
    protected $description = 'Plain-text password changer';

    /**
     * Create a new command instance.
     *
     * @return void
     */
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Execute the console command.
     *
     * @return mixed
     */
    public function handle()
    {
        $users = User::get();

        foreach ($users as $user) {
            if (Hash::needsRehash($user->password)) {
                $user->password = Hash::make($user->password);
                $user->save();
            }
        }

        $this->info('Done..');
    }
}
    Usage : 
    php artisan change-password

    After run command, you can try login via Auth::routes() routes.

    Or Manually Authenticating Users

    if (Auth::attempt($credentials)) {
    // Authentication passed...
}
    0 讨论(0)
 看不清?
提交回复
热议问题