HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Vanilla users to Laravel

I'm planning to migrate my vanilla site to a laravel site and while migrating the tables, I saw that the passwords were hashed. How can I use them for my new Laravel site? If I just copy it to the new table, will it work with Laravel's authentication or should I do something else?

Comments

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    Since you are moving to another platform, you should ask that at the laravel forums…

    https://laracasts.com/discuss

  • R_JR_J Ex-Fanboy Munich Moderator

    The hashing algorithm is different.

    A hash is only a value calculated based on some other values. But the result is not unique. More than one "password" could result in the same hash value. So you wouldn't be able to get the password from out of hash. All that is tested when a password is validated, is if this given password results in that hash.

    You have two options:
    a) send all your users a password reset link, so that they have to create a new password (with Laravel authentication) or
    b) create a an intermediate step which uses both frameworks, at least for a given period of time. Whenever a user logs in, test if there is already a password set in the Laravel user table and then everything is fine. If not, validate that password against Vanilla (by using Vanilla) and on success write that password to the Laravel user table so that this user will be validated by Laravel all alone the next time.


  • x00x00 MVP
    edited October 2016

    vanilla use phppass hash however it uses the blowfish option unlike wordpress. This is a pretty good hash.

    You could integrate this hashing method.

    wrapper -> /core/class.passwordhash.php (checkVanilla method)
    library -> /library/vendors/phpass.php

    grep is your friend.

    hgtonight
  • Thank you :)
    Will try implementing it and let everyone know here :)

  • infigic123infigic123 India New

    thank you for sharing. this will help me

Sign In or Register to comment.