We have all been there: you forget the password to one of your WordPress websites and need a quick fix. A quick Google search will tell you to log in to the database (through the hosting panel / cPanel), open a database management tool such as phpMyAdmin, and change the password to the MD5 of the new password.
This gives us two pieces of information:
WordPress uses the phpass library (introduced in WordPress 2.5 and now considered weak as well [1]), which is built with an MD5 fallback (for WordPress installations running older versions of PHP) and hence allows easy one-time manipulation of passwords through the database. In other words, when importing users from WordPress into a Laravel database (or other software), we will get phpass-based passwords and will need to convert them into the target password hash.
Laravel Framework, on the other hand, being snazzy, doesn’t care about older PHP versions (minimum 5.6) and uses the bcrypt hashing algorithm. bcrypt is built into PHP version 5.5 and onward and provides a much stronger hash than phpass.
Hence, to convert WordPress passwords into Laravel passwords, you have two options. You can make sure that your WordPress runs on a new PHP version and upgrade your WP passwords to bcrypt [2], but there will always be users who are left behind on old phpass passwords. Or you can use one of the Laravel packages to convert phpass passwords into bcrypt passwords.
At The Right Software, we use the mikemclin/laravel-wp-password [4] package and tie the conversion in at login time, since that is the only moment the plain-text password is available.
use MikeMcLin\WpPassword\Facades\WpPassword;

// user's input data
$post_login = $request->input('post_login');
$post_password = $request->input('post_password');
// get user's saved password from database
// ($user is assumed to be the record looked up by $post_login)
$wp_hashed_password = $user['password'];
// check the submitted password against the stored WordPress hash
if (WpPassword::check($post_password, $wp_hashed_password)) {
    // login successful, update password to bcrypt, send user forward
} else {
    // login failed, send user back to login page
}
After a successful check, we replace the stored hash in the database with a bcrypt hash, so that the next login skips the phpass processing.
Finally, when all passwords are updated, we can remove this code completely. Set up a reminder or a task in your management software to remove this code from the repository in a future upload.
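The verify-then-upgrade step described above, as an added example in plain PHP; it is not code from this article or from the mikemclin package. The function name `verifyAndUpgrade`, the `$legacyCheck` callable, the cost factor of 12 and the sample users are assumptions, and the raw-MD5 branch goes slightly beyond the snippet above to cover passwords reset by hand in the database.

```php
<?php
declare(strict_types=1);

// Returns [bool $ok, ?string $newHash]. $newHash is set only when the login
// succeeded and the stored hash should be replaced. $legacyCheck is a
// hypothetical injection point, e.g. fn($p, $h) => WpPassword::check($p, $h).
function verifyAndUpgrade(string $password, string $stored, callable $legacyCheck, int $cost = 12): array
{
    $opts = ['cost' => $cost]; // assumed cost factor
    if (password_get_info($stored)['algoName'] === 'bcrypt') {
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        // Already bcrypt: rehash only if the configured cost has been raised.
        $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, $opts);
        return [true, $stale ? password_hash($password, PASSWORD_BCRYPT, $opts) : null];
    }
    // Legacy row: raw 32-hex MD5 (manual database reset) or a phpass hash.
    $ok = preg_match('/^[a-f0-9]{32}$/i', $stored) === 1
        ? hash_equals(strtolower($stored), md5($password))
        : (bool) $legacyCheck($password, $stored);
    // Rehash only after a successful check, never on a failed attempt.
    return $ok ? [true, password_hash($password, PASSWORD_BCRYPT, $opts)] : [false, null];
}

// Constructed sample rows (not real data).
$users = [
    'alice' => md5('correct horse'), // raw MD5, as set by hand in phpMyAdmin
    'bob'   => password_hash('hunter2!', PASSWORD_BCRYPT, ['cost' => 10]),
];
// Stand-in for the phpass checker; this demo has no phpass rows, so it rejects.
$legacy = fn(string $p, string $h): bool => false;
$attempts = [['alice', 'wrong'], ['alice', 'correct horse'], ['alice', 'correct horse'], ['bob', 'hunter2!']];

foreach ($attempts as [$name, $pw]) {
    [$ok, $new] = verifyAndUpgrade($pw, $users[$name], $legacy);
    if ($new !== null) {
        $users[$name] = $new; // persist the upgraded hash (UPDATE in a real app)
    }
    printf("%s login=%s upgraded=%s\n", $name, $ok ? 'ok' : 'fail', $new !== null ? 'yes' : 'no');
}
```

Before removing the legacy branch, count the rows whose hash does not start with `$2y$`; users who never logged in during the migration window will need a password reset.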