Converting plain password in database to Laravel encrypted password

Question

I have a table called "users" where I have username and password from my users.

The passwords are in plain text. Now I've created a new site with Laravel 6.0 and Auth.

So if a user wants to loggin into my site I need to convert my password plain text to the new password encrypted.

How can I get the "salt" from my Auth and also a tools to get the encrypted password from my plain password and "salt". The reason is because I created a new column in my users table so I want to put there the password encrypted using a query.

running change_command

Answer 1

You have to create a function to update your database passwords to encrypted passwords first.

Something like this on web.php, and visit /password-updator on browser

Route::get('/password_updator', function() {
 $allusers = \DB::table('users')->get();
 foreach($users as $user) {
  $user->password = bcrypt($user->password);
  $user->save();
}
});

Make sure yo backup your database before you proceed!

Or you create a new column called password_hashed first onn users table and update it to experiment.

https://laravel.com/docs/5.4/helpers#method-bcrypt

Answer 2

The Laravel Hash facade provides secure Bcrypt and Argon2 hashing for storing user passwords.

$password = Hash::make('plain-text-password');

The bcrypt function hashes the given value using Bcrypt. You may use it as an alternative to the Hash facade:

$password = bcrypt('plain-text-password');

---

How can I get the "salt" from my Auth and also a tools to get the encrypted password from my plain password and "salt".

Verifying A Password Against A Hash

The check method allows you to verify that a given plain-text string corresponds to a given hash.

if (Hash::check('plain-text-password', $hashedPassword)) {
    // The passwords match...
}

---

Update

You can use Command or make a route to change "plain-text" password for existing customers.

Create command app/Console/Commands/ChangePassword.php

<?php

namespace App\Console\Commands;

use App\User;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Hash;

class ChangePassword extends Command
{
    /**
     * The name and signature of the console command.
     *
     * @var string
     */
    protected $signature = 'change-password';

    /**
     * The console command description.
     *
     * @var string
     */
    protected $description = 'Plain-text password changer';

    /**
     * Create a new command instance.
     *
     * @return void
     */
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Execute the console command.
     *
     * @return mixed
     */
    public function handle()
    {
        $users = User::get();

        foreach ($users as $user) {
            if (Hash::needsRehash($user->password)) {
                $user->password = Hash::make($user->password);
                $user->save();
            }
        }

        $this->info('Done..');
    }
}

Usage :

 php artisan change-password

After run command, you can try login via Auth::routes() routes.

---

Or Manually Authenticating Users

if (Auth::attempt($credentials)) { // Authentication passed... }