Question
I have an old site which I have reworked using Symfony3 and FOSUserBundle and am trying to work out the logistics of how to map the database over without having to cause problems for all the users.
The 'old' site hashes the passwords before storing them with:
sha1("$salt1$pass$salt2")
The 'new' site (using FOSUserBundle) uses its default method of Bcrypt somewhere within the bundle.
Is the below the correct way to "Bcrypt" members' plaintext passwords in the database as they log in?
Temporarily extend the Member entity with an additional parameter Bcrypted:
use FOS\UserBundle\Model\User as BaseUser;

class Member extends BaseUser
{
    /* ... */

    /** Temporary migration flag (map it to a boolean column so it is persisted): false until the stored hash has been rehashed with bcrypt. */
    protected $Bcrypted = false;

    public function isBcrypted() { return $this->Bcrypted; }
    public function setBcrypted($bcrypted) { $this->Bcrypted = (bool) $bcrypted; return $this; }
}
Then once Members log in with their usual (sha1()) password, they are logged in as normal, but have a function such as below run - unfortunately I can't see where/how/if this would need to be done with FOSUserBundle:
// $plainPassword is what the member just logged in with: the plaintext is only available at login time, which is why the rehash has to happen here.
public function updatePassword(Member $member, $plainPassword)
{
    if (!$member->isBcrypted()) {
        /* ... Use whatever FOSUserBundle's "Change Password" function is to rehash the password in the database */
        $member->setBcrypted(true);
    }
}
Then I could keep an eye on the database and if/when all users have eventually logged in and had their password hash in the database converted then I could remove the function and $Bcrypted parameter.
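The login-time upgrade the question sketches, as an added example in plain PHP that is not part of the original post or of FOSUserBundle. It assumes the legacy layout sha1("$salt1$pass$salt2") from the question, uses PHP's own password_hash/password_verify for bcrypt, and the Member class, the salts, the password and BCRYPT_COST are constructed for the example; the Symfony wiring (a password encoder and a login listener) is not shown.

```php
<?php
// Added example, not code from the question or from FOSUserBundle. It shows the
// login-time upgrade in plain PHP so it runs on its own (`php upgrade.php`).
// Assumptions: the legacy scheme is sha1("$salt1$pass$salt2") exactly as in the
// question; Member below is a stand-in for the entity; the Symfony wiring
// (password encoder + login listener) is not shown.

final class Member
{
    public $username;
    public $passwordHash; // legacy sha1 hex digest, or a bcrypt hash once migrated
    public $salt1;        // legacy salts, kept until this row has been migrated
    public $salt2;
    public $bcrypted;     // the temporary flag proposed in the question

    public function __construct($username, $passwordHash, $salt1, $salt2, $bcrypted = false)
    {
        $this->username = $username;
        $this->passwordHash = $passwordHash;
        $this->salt1 = $salt1;
        $this->salt2 = $salt2;
        $this->bcrypted = $bcrypted;
    }
}

const BCRYPT_COST = 12; // assumption: tune the cost for your hardware

function legacyHash($salt1, $plain, $salt2)
{
    return sha1($salt1 . $plain . $salt2);
}

/**
 * Check $plain against the member's stored hash and return true on success.
 * A successful legacy login is the only moment the plaintext is available, so
 * that is when the row is converted to bcrypt; a failed login changes nothing.
 */
function verifyAndUpgrade(Member $member, $plain)
{
    if ($member->bcrypted) {
        if (!password_verify($plain, $member->passwordHash)) {
            return false;
        }
        // Already on bcrypt: only rehash if the cost parameter has been raised since.
        if (password_needs_rehash($member->passwordHash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
            $member->passwordHash = password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
        }
        return true;
    }

    // Legacy path: recompute the sha1 and compare in constant time.
    $expected = legacyHash($member->salt1, $plain, $member->salt2);
    if (!hash_equals($member->passwordHash, $expected)) {
        return false;
    }

    // Correct password: replace the hash in place, drop the old salts, flip the flag.
    $member->passwordHash = password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    $member->salt1 = null;
    $member->salt2 = null;
    $member->bcrypted = true;
    return true;
}

function check($condition, $label)
{
    if (!$condition) {
        throw new RuntimeException("FAILED: $label");
    }
}

// Constructed sample row: what the legacy site would have stored for this password.
$salt1 = 'a1b2c3';
$salt2 = 'z9y8x7';
$alice = new Member('alice', legacyHash($salt1, 'correct horse', $salt2), $salt1, $salt2);

check(verifyAndUpgrade($alice, 'wrong password') === false, 'wrong password rejected');
check($alice->bcrypted === false, 'failed login leaves the legacy row untouched');

check(verifyAndUpgrade($alice, 'correct horse') === true, 'legacy login accepted');
check($alice->bcrypted === true, 'row flagged as migrated');
check(strpos($alice->passwordHash, '$2y$') === 0, 'stored hash is now bcrypt');
check($alice->salt1 === null && $alice->salt2 === null, 'legacy salts cleared');

check(verifyAndUpgrade($alice, 'correct horse') === true, 'bcrypt login accepted');
check(verifyAndUpgrade($alice, 'wrong password') === false, 'bcrypt rejects wrong password');

echo "all checks passed\n";
```

Two practical points the example is built around: the old salt columns have to stay until every row has bcrypted set, because a legacy login cannot be verified without them, and the comparison of the recomputed sha1 uses hash_equals rather than == so the check is constant-time. If waiting for every user to log in is not acceptable, the alternative is to wrap the existing digests in one pass, storing bcrypt over the sha1 value for every row; that migrates the whole table immediately at the price of keeping the sha1 layer in the verification code for good.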
Source: https://stackoverflow.com/questions/34925591/is-there-a-passive-way-to-implement-a-new-hashing-method-for-users-passwords