Login

barrypoore · 03-28-2018, 02:49 PM

(03-28-2018, 02:24 PM)jreklund Wrote: 1. Add "passwordConverted" in the database, default into 0.
2. Select user from database based on username/email
2. Check if "passwordConverted" are 0 or 1

If 0:
1. Make a query with the password, if it's matches login user
2. Rehash password and replace password in DB.
3. Set "passwordConverted" into 1 in DB.

If 1:
1. Validate with password_verify, if it's matches login user.

According to Google, MySQL password() function are equal too:

PHP Code:
function mysql_password($string){ $pass = strtoupper( sha1( sha1($string, true) ) ); $pass = '*' . $pass; return $pass; }

If that's correct, you can do passwordConverted = 0:
1. If it's a match with mysql_password; login user
2. Rehash password and replace password in DB.
3. Set "passwordConverted" into 1 in DB.

You know what? That is exactly why I posted this, that solution sounds perfect, it's funny how the obvious is often not apparent until somebody points it out to you, nice one that's great and that's exactly what I shall do. That is a great response and now I can crack on with the build, thanks a lot man Smile