0

I'm trying to login in my laravel Application using make:auth package Have a plain text paswword field in my database, and I want to login using this field called vcclave but also having the functions with the regular make:auth package is there a way to make this replacement?enter image description here

or theres a way to make this field encrypted to make laravel to recognize?

Pedronaldo1916
  • 69
  • 1
  • 6
  • 3
    You have probably heard this before, but it's not a good idea to store a plain text password in a database (even if you are not storing confidential data yourself)! Why do you need them in plain text? – Spholt Jan 15 '20 at 17:24
  • Wait, so are you trying to migrate your current plain text passwords to become hashed passwords? – Solomon Antoine Jan 15 '20 at 17:25
  • I don't needed to be plain text, but I cannot find the way to hash all the vcclave data in SQL server in the way laravel needs, do you know how to? – Pedronaldo1916 Jan 15 '20 at 17:43
  • there is a way to use the make:auth modules without using using hash password confirmation? – Pedronaldo1916 Jan 15 '20 at 22:49

1 Answers1

1

Based on your text I'm assuming that vcclaveis the column of your passwords. You should definitely try to get rid of plain text password fields in your database. Two options here:

  1. Create a new and delete the old column
    You could 1. create a password column, read out all the passwords from vcclave and save it hashed via Hash::make in your new password column. After that, you should drop the vcclave column but make sure that it's not needed anywhere else.

  2. Update values in your existing password column
    Similar to 1. - get all the columns and update each single one via Hash::make

  3. Change controllers behavior
    Based on your initial question you might also want to change the controllers behavior like in this answer

philippzentner
  • 396
  • 2
  • 11
  • Is there a way to hash them in SQL directly? I mean creating the password column with all the values from vcclave hashed? – Pedronaldo1916 Jan 15 '20 at 17:48
  • Not that easily I'd say, because Laravel uses Bcrypt and therefore also doesn't allow you to do direct hash-comparisons within MySQL. It always pulls the hashed password and then uses [Hash::check](https://laravel.com/docs/6.x/hashing#basic-usage) in order to compare values. That being said you should write a small script. You could put it into a migration, so you can easily deploy this database-side change alongside the other changes in your code. – philippzentner Jan 16 '20 at 05:53