Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

digital-pig's avatar

PHP app to Laravel

Is there a standard method for converting an old PHP web app into a Laravel app? Is there a typical roadmap for this? I have an old (but class-based) PHP app that was written in PHP 5.2, and has become a pain to maintain. I've been slowly converting it to PHP 8, but took a step back and realized I should ditch the custom framework and use a framework like Laravel/Symfony, so I'm exploring options. Or, should I just ensure everything is fully documented and start over? There are roughly 750k lines of PHP and JS in the project.

Any thoughts/options?

0 likes
5 replies
martinbean's avatar

@digital-pig I’ve worked on a few modernisation projects like this in the past, and these are the steps I took:

  • Create a brand new Laravel project.
  • Rename public/index.php to public/laravel-index.php, and update the Apache/nginx configuration appropriately.
  • Dumped the legacy application‘s files in the public directory.

So now, when a request comes in, your server will use the existing script if it exists, or fall back to trying to pass the request through Laravel’s front controller (public/laravel-index.php). Initially, all requests will be handled by your “legacy” code as before. You can now start re-factoring the legacy app’s scripts into models, controllers, etc.

As you chip away, the number of files in your public directory will reduce, and the number of nice Laravel controllers and models you have will increase. When you’ve finally re-factored everything to Laravel, you can rename your public/laravel-index.php front controller back to just public/index.php, and you’re left with a modern Laravel application.

It’s also a good idea to add tests as you’re going if you don’t have any already.

3 likes
jlrdw's avatar

@digital-pig I have done similar with older apps, piggy back through laravel while the re-write is taking place.

You need to migrate to Bcrypt as logins happen and flag once done. Or have users update their password.

Meaning don't use an old MD5 hashed password, not secure.

digital-pig's avatar

@jlrdw Thanks, and good point. MD5 has long since been back engineered. I prefer salted SHA, personally.

martinbean's avatar

@digital-pig Bcrypt also uses salts, and it’s much better for password hashing as Bcrypt is designed to calculate the hash as slowly as possible, whereas SHA is designed to be computationally fast, which is what you don’t want for bad actors performing password stuffing attacks.

Please or to participate in this conversation.