I’m updating my system from Yii 1 to 2.x and have an issue with passwords. I want to keep the same password on version 1.x in my new app running Yii 2.x
I’m not sure how I can convert the password database. This is what I have in Yii 1
What is the encryption method used in your old system? sha1, md5? You should use bcrypt because it’s safer.
I think that the best option for the system is to create mechanism where users can reset their passwords to new ones.
I would import all DB entries with additional column marking the account as "required-to-change-password" and then send password reset token to the email address of user trying to log in on this account.
User changes its password to the one he likes and it’s bcrypt now so everyone’s happy.
BUT if you really want to keep the old passwords you need to implement the password hashing and validating functionality to be the same as in old system. And again - not recommended.