I have an old database of users which contains passwords hashed in a way

Question

0

Asked: June 1, 20262026-06-01T02:42:46+00:00 2026-06-01T02:42:46+00:00

I have an old database of users which contains passwords hashed in a way

0

I have an old database of users which contains passwords hashed in a way I don’t like.
I’d like for those hashes to be updated to a new hash form (bcrypt) when they log in.

I am using FOSUserBundle to manage users and Elnur’s bcrypt bundle as security encoder. Is there an easy way to plug into the password check mechanism to add this kind of algorithm:

if passwordHash is using old format
  oldFormatHash := hash userGivenPassword in the old way
  if oldFormatHash == passwordHash
     login ok
     update password in database with new hash format
  else
     login ko
else
  use default

I thought about extending the current security encoder but the isPasswordValid method does not have the id of the account to check (or its canonical name) so the updating part is not available.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T02:42:47+00:00

Editorial Team

2026-06-01T02:42:47+00:00Added an answer on June 1, 2026 at 2:42 am

In case it can help someone faced with this problem, here is the solution I used.
The old way of storing the passwords in the database did not use salts. So I updated this column to contain the user’s id.

Then it was easy to create my own security encoder using the salt parameter to update the user’s password hashes.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have an old database of users which contains passwords hashed in a way

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply