【发布时间】:2017-04-16 14:48:02
【问题描述】:
我正在尝试将用户从 Wordpress 导入 Laravel,但我无法正确输入密码。当用户登录时,我需要根据 md5 检查密码,如果正确,则在 bcrypt 中对其进行哈希处理。
我已经在 AuthenticatesUsers.php login() 中尝试过这个
//If user got here it means the AUTH was unsuccessful
//Try to log them IN using MD5
if($user = User::where('email', $credentials['email'])->where('password', md5($credentials['password']))->first()){
//It this condition is true, the user had the right password.
//encrypt the password using bcrypt
$user->password = Hash::make($credentials['password']);
$user->save();
if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
return $this->handleUserWasAuthenticated($request, $throttles);
}
return $this->handleUserWasAuthenticated($request, $throttles);
}
我也尝试过使用Migrating old md5 passwords to bcrypt with Laravel 5.2's built in auth,但无法验证 md5 密码。
【问题讨论】:
-
$user = User::where(...中发生了什么,它找到了用户吗? -
是的,它找到了用户,但它无法验证 md5 密码。
-
如果找到用户,md5密码已经验证,你不能做的是在将密码散列到bcrypt后对用户进行身份验证,我认为......问题可能是在
if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) -
也许我误解了你。它通过电子邮件找到用户,但它不运行括号内的代码,因为它不验证密码。 md5() 是否适用于 $P$ 密码?
-
你确定密码是 md5 散列的吗?这看起来根本不像 MD5:passwordtool.hu/wordpress-password-hash-generator-v3-v4
标签: php wordpress laravel laravel-5.2