You should be able to use laravel hashses - all you need to do is to check how Laravel is creating and checking them.
Check this code from BCryptHasher::make()
and this for validating.
The problem is that in Laravel this algorithm is a bit different. First is obtaining user from database then checking if password is the same with password_verify. While in INVO you first hash the given password and then you search for a user with given email and hash - if it finds anything then it can log user. Below should do the trick knowing the $cost
value from Laravel settings (class defaults to 10).
$password = password_hash($value, PASSWORD_BCRYPT, array('cost' => $cost));
Edit: while above would be true for SHA1 & similar. The INVO code should be changed to match the login algorithm in Laravel and BCrypt itself:
$user = Users::findFirst(array("email = :email: AND active='Y'", 'bind' => array('email' => $email));
if ($user != false && password_verify($user->password, $this->request->getPost('password'))) {
// login user
}
Laravel is using BCrypt for a reason - it is generally very good choice for hashing so you should stick to it.
Anyway you could write a password migration which will do upon each user successful login:
- validate user password using old hashing algorithm
- checks if User has migrated it's password (ie by checking some database field - or separated table)
- hash given password with new algorithm
- store new hash and update user table (with information that hash has been changed)
Which is rather complicated and should be needed only when migrating to "better" algorithm.