I have to migrate one project from CI to Laravel. This project uses Ion Auth by Ben Edmunds (http://benedmunds.com/ion_auth/). The question is whether there is possible to preserve old user passwords (so the old users do not have to recover their passwords). In the config file of Ion Auth there is set sha1 as the hash method
$config['hash_method'] = 'sha1';
What you should do is something like this (semi pseudocode - not tested - but you get the idea):
login()
{
$password = Input::get('password');
$user = User::where('email', '=', Input::get('email');
if (sha1($password) == $user->password)
{
// User old password matches - so now lets re-hash the password as bcrypt
$user->password = Hash::make($password);
}
... do rest of authentication normally
}
Basically before you do the normal Laravel login stuff, do a check if the sha1() old password matches, and if so, convert the raw password into a bcrypt hash that Laravel uses.
This allows you to migrate users across without any password resets.
This won't work exactly since Ion Auth doesn't use a straight sha1 hash. You can look in the model to see the hashing algorithm, you'll then just want to duplicate that in Laravel.
The main thing to look for is to check your config and see if you're using SHA1 or BCrypt since Ion Auth supports both.
