mattesj mattesj - 7 days ago 4
PHP Question

Transfer Wordpress passwords to Laravel

I'm tryin to import users from Wordpress to Laravel but I can't get the passwords right. When the user logs in I need to check the password against md5 and hash it in bcrypt if it's correct.

I've tried this in AuthenticatesUsers.php login()

//If user got here it means the AUTH was unsuccessful
//Try to log them IN using MD5
if($user = User::where('email', $credentials['email'])->where('password', md5($credentials['password']))->first()){
//It this condition is true, the user had the right password.

//encrypt the password using bcrypt
$user->password = Hash::make($credentials['password']);
$user->save();

if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
return $this->handleUserWasAuthenticated($request, $throttles);
}

return $this->handleUserWasAuthenticated($request, $throttles);

}


I've also tried with Migrating old md5 passwords to bcrypt with Laravel 5.2's built in auth but i can't get it to validate the md5 password.

Answer

Use mikemclin/laravel-wp-password to has/check h your passwords:

$password = 'plain-text-password';

$wp_hashed_password = '$P$B7TRc6vrwCfjgKLZLgmN.dmPo6msZR.';

if ( WpPassword::check($password, $wp_hashed_password) ) {
    // Password success!
} else {
    // Password failed :(
}