oswin's avatar
Level 3

Adjust Laravel Hashing Algorithm

Hey lads,

I am still stuck with migrating a shitty plaintext website to Laravel. However, so far the entire user administration is done by other applications, using a different hashing algorithm than Laravel.

Laravel by default uses bcrypt which is okay-ish.

The Passwords in my database however are being generated with

bcrypt(sha256(password))

I cannot adjust the in-use windows applications and they still require to work after this website migration.

Which is the best, safest and please, easiest way to adjust the hashing algorithm of Laravel to work with mine, rather than just bcrypt?

Sure registration is no issue, I could just do this:

RegistrationController.php

    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'surname' => $data['surname'],
            'email' => $data['email'],
            'password' => Hash::make(hash('sha256',$data['password'])),
        ]);
    }

But I have no idea how to verify that by login. I am using the Laravel Auth package.

Weird solutions by some weird people showing how to change the algorithm to MD5 by manipulating files within the vendor directory itself. This cannot be correct, since once updated the entire stuff gets broken again. There must be a better solution, probably with some custom made service provider? Sadly I am too new/bad with laravel to understand this. I'd love to get some serious spoonfeed here.

Thanks.

0 likes
11 replies
aurawindsurfing's avatar

Hey @oswin

Here is where you can configure hashing in Laravel: https://laravel.com/docs/master/hashing#configuration as you probably know already.

This is the correct way to match your hashing as well:

    'password' => Hash::make(hash('sha256',$data['password'])),

So you are on a good track. The only missing thing is to make sure that when you publish:

    composer require laravel/ui

    php artisan ui vue --auth

The Controllers are working with the given Hashing mechanism.

oswin's avatar
Level 3

Sorry but this does not help me (or I do not understand how this should help me?).

I adjusted the password validation as I have pasted above in my RegisterController. That part works, but the login doesn't work now. I somehow need to adjust the entire hashing algorithm for Laravel, so also the Login-Verification works.

I "reinstalled" laravel/ui, as posted by you, but that did nothing but destroy my Views :D

Snapey's avatar

I would create your own authentication function. It can be done in just a few lines of code and added to the LoginController.

aurawindsurfing's avatar

@oswin as @snapey said, you would have to overwrite the authentication method in LoginController and this way make Laravel use your own hashing to match.

oswin's avatar
Level 3

Can any of you guys link me an example or snippet? I sadly don't know enough to just do it myself. :(

jlrdw's avatar

Just to add, if you wanted to use Laravel's bcrypt, you could:

  • As they log in, grab the password text
  • bcrypt and store
  • have a boolean true field once done

That way eventually all would be changed to the bcrypt behind the scenes.

Snapey's avatar

If you open the Http\Controllers\Auth\LoginController

At the top you will see a trait being included use AuthenticatesUsers

This contains a method called attemptLogin

    protected function attemptLogin(Request $request)
    {
        return $this->guard()->attempt(
            $this->credentials($request), $request->filled('remember')
        );
    }

If you replicate this method in your LoginController then it will overwrite the same method in the trait.

As described in the docs https://laravel.com/docs/7.x/authentication#authenticating-users you can pass key value pair into the attempt method. The framework will hash the password supplied so all you need to do is sha256 the password before passing it.

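    protected function attemptLogin(Request $request)
    {
        // Pass the credentials array straight to attempt(); credentials()
        // expects a Request, so it cannot take this array.
        return $this->guard()->attempt(
            [
                'email' => $request->email,
                // Pre-hash with SHA-256; the framework then checks it against the bcrypt hash.
                'password' => hash('sha256', $request->password),
            ],
            $request->filled('remember')
        );
    }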
1 like
martinbean's avatar
Level 80

@oswin Laravel’s hasher is component-based. This means you can create your own hasher implementation and bind it to the container so that the built-in authentication uses your algorithm instead of one of the built-in ones.

You’ll need to extend the HashManager in a service provider to add your custom hasher:

    HashManager::extend('custom', function () {
        return new CustomHasher();
    });

The CustomHasher class will need to conform to the Hasher interface.

Once you’ve created your custom hasher implementation, you can tell Laravel to use it by updating your config/hashing.php file:

    return [

        'driver' => 'custom',

        // ...

    ];
3 likes
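
A sketch of the custom hasher described in the reply above, added here as an example and not code from any poster or from Laravel itself. The class name `Sha256BcryptHasher`, its namespace and the default cost of 10 are assumptions; registration goes through the `Hash` facade, which resolves to the framework's `HashManager`.

```php
<?php

namespace App\Hashing;

use Illuminate\Contracts\Hashing\Hasher;

// Added example (not from the thread): reproduces bcrypt(sha256(password)).
class Sha256BcryptHasher implements Hasher
{
    // Assumption: the other applications feed bcrypt the lowercase hex digest,
    // as hash('sha256', ...) does in the registration code in the question.
    // Hex is 64 bytes with no NUL bytes, so it fits bcrypt's 72-byte input limit.
    private function prehash(string $value): string
    {
        return hash('sha256', $value);
    }

    public function info($hashedValue)
    {
        return password_get_info($hashedValue);
    }

    public function make($value, array $options = [])
    {
        return password_hash($this->prehash($value), PASSWORD_BCRYPT, [
            'cost' => $options['rounds'] ?? 10, // assumed cost, match the other apps
        ]);
    }

    public function check($value, $hashedValue, array $options = [])
    {
        if ($hashedValue === null || $hashedValue === '') {
            return false; // never authenticate against an empty stored hash
        }
        return password_verify($this->prehash($value), $hashedValue);
    }

    public function needsRehash($hashedValue, array $options = [])
    {
        return password_needs_rehash($hashedValue, PASSWORD_BCRYPT, [
            'cost' => $options['rounds'] ?? 10,
        ]);
    }
}

// Registration, in App\Providers\AppServiceProvider::boot(), with
// Illuminate\Support\Facades\Hash imported:
//     Hash::extend('custom', function () { return new \App\Hashing\Sha256BcryptHasher(); });
```

With this driver selected in config/hashing.php, registration passes the raw password to `Hash::make()`; keeping the manual `hash('sha256', ...)` call would apply SHA-256 twice and no longer match the hashes written by the other applications.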
emjayess's avatar

@martinbean willing to clarify which HashManager is used/referenced in this example? I presume it to necessarily be a Facade in order to call ::extend statically, although I'm not quickly able to discern what or where that is .. in Laravel 10.
