Steps for Lazy Migration:

1. Add a Column: Add a `hash_version` or `new_password` column to your database to differentiate between legacy (MD5) and new hashes.
2. Update Login Logic:
   - User enters `plaintext_password`.
   - Check if `password_hash` is MD5.
   - If yes, check if `md5(plaintext_password) == stored_md5_hash`.
   - If it matches, compute `new_hash = password_hash(plaintext_password, PASSWORD_DEFAULT)`.
   - Update the database with `new_hash` and set `hash_version` to "new".
3. Handle Remaining Users: After a set period, force a password reset for any remaining accounts still using the MD5 hash.
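
One way to implement the login logic above in PHP, as an added example that is not part of the original page. The `users` table, the `username` column, the in-memory SQLite database and the sample account are assumptions constructed for illustration; the example also goes beyond the listed steps by comparing digests with `hash_equals()` and by calling `password_needs_rehash()` on accounts that are already migrated.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite table with one legacy MD5 account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL,
           hash_version TEXT NOT NULL DEFAULT 'md5')");
$db->prepare("INSERT INTO users (username, password_hash) VALUES (?, ?)")
   ->execute(['alice', md5('correct horse')]);

function login(PDO $db, string $username, string $plaintextPassword): bool
{
    $stmt = $db->prepare("SELECT password_hash, hash_version FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }

    if ($row['hash_version'] === 'md5') {
        // Legacy path: constant-time comparison of the MD5 hex digests.
        if (!hash_equals($row['password_hash'], md5($plaintextPassword))) {
            return false;
        }
        // The password is proven correct, so re-hash it now and retire the MD5 value.
        $newHash = password_hash($plaintextPassword, PASSWORD_DEFAULT);
        $db->prepare("UPDATE users SET password_hash = ?, hash_version = 'new' WHERE username = ?")
           ->execute([$newHash, $username]);
        return true;
    }

    // Migrated path: password_verify() reads algorithm, cost and salt from the hash itself.
    if (!password_verify($plaintextPassword, $row['password_hash'])) {
        return false;
    }
    // Keep hashes current if PASSWORD_DEFAULT or its cost changes in a later PHP release.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $db->prepare("UPDATE users SET password_hash = ? WHERE username = ?")
           ->execute([password_hash($plaintextPassword, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

var_dump(login($db, 'alice', 'wrong guess'));    // legacy check fails, row untouched
var_dump(login($db, 'alice', 'correct horse'));  // legacy check passes, row migrated
var_dump(login($db, 'alice', 'correct horse'));  // now verified via password_verify()
echo $db->query("SELECT hash_version FROM users WHERE username = 'alice'")->fetchColumn(), "\n";
```

The migration can only happen inside a successful login, because that is the one moment the server holds the plaintext; accounts that never log in keep their MD5 hash until the forced reset in the last step.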