Laravel Auth - use md5 instead of the integrated Hash::make()

Question

So, I'm switching over to laravel for my site. My old site currently holds around 500 users. Each user has a md5 hash attached to them, as the password (duh ^^).

As I'm switching over to laravel, I wish to use the Auth::attempt unfortunately it uses its own method to hash password strings. I don't want all my users to change their password, because I'm switching to laravel, is it possible to make the Auth class use md5 instead, so my users don't have to switch password? :)

If yes, can someone show me how?

Answer 1

Don't use md5 for password hashing. Even the php manual warns against it: "Warning It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm.".But in your case you can use the below snippet in your project

    $user = User::where([ 
        'login_id'  => $request->login_id,
        'password'  => md5($request->password)
    ])->first(); 
    
    if ($user) { 
        Auth::login($user); 

        return redirect()->intended('home')->withSuccess('User Signed in');
    }

Answer 2

MD5 is horribly outdated. I recommend that you don't try to keep it. Instead, when a user first logs in, and Auth::attempt fails, you should then try to compare their password to the database as MD5

$user = User::where('username', '=', Input::get('username'))->first();

if(isset($user)) {
    if($user->password == md5(Input::get('password'))) { // If their password is still MD5
        $user->password = Hash::make(Input::get('password')); // Convert to new format
        $user->save();
        Auth::login(Input::get('username'));
    }
}