Convert Password Yii1 to Yii2

I’m updating my system from Yii 1 to 2.x and have an issue with passwords. I want to keep the same password on version 1.x in my new app running Yii 2.x

I’m not sure how I can convert the password database. This is what I have in Yii 1


and this is what I have on Yii 2.x


how can I make both versions to have the same password?

What is the encryption method used in your old system? sha1, md5? You should use bcrypt because it’s safer.

I think that the best option for the system is to create mechanism where users can reset their passwords to new ones.

I would import all DB entries with additional column marking the account as "required-to-change-password" and then send password reset token to the email address of user trying to log in on this account.

User changes its password to the one he likes and it’s bcrypt now so everyone’s happy.

BUT if you really want to keep the old passwords you need to implement the password hashing and validating functionality to be the same as in old system. And again - not recommended.

This is for Yii 1.1, but the concept is applicable to 2.0.

It enables you to upgrade the password hash of a user when he/she logins with no extra burden to him/her.

Thank you guys for the ideas.