Getting Started

Minimal Setup

Installation: Run composer require selfsimilar/laravel-d7-password and add 'Selfsimilar\D7Password\D7PasswordProvider' to config/app.php under providers.
First Use: Import the facade: use Selfsimilar\D7Password\Facades\D7Password;.
Hash a Password: Use D7Password::make('plain-text-password') to generate a Drupal 7-compatible hash.
Verify a Password: Use D7Password::check('plain-text-password', $hashed_password) to validate a password against a stored hash.

First Use Case

When migrating user data from a Drupal 7 system to Laravel, hash existing plain-text passwords using D7Password::make() and store them in your Laravel database. Later, verify user logins with D7Password::check().

Implementation Patterns

Common Workflows

User Registration:

$hashedPassword = D7Password::make($request->password);
User::create([...other fields, 'password' => $hashedPassword]);

User Login:

if (D7Password::check($request->password, $user->password)) {
    // Authenticate user
}

Data Migration:

$drupalUsers = Drupal7User::all();
foreach ($drupalUsers as $user) {
    $laravelUser = User::create([
        'email' => $user->email,
        'password' => D7Password::make($user->password)
    ]);
}

Integration Tips

Laravel Hashing: Use alongside Laravel’s built-in Hash facade for multi-system compatibility. Example:

$hash = D7Password::make($password); // For Drupal 7 compatibility
$laravelHash = Hash::make($password); // For Laravel's default hashing

Custom Validation: Extend Laravel’s Password rule to support Drupal 7 hashes:

use Selfsimilar\D7Password\Facades\D7Password;

$request->validate([
    'password' => ['required', function ($attribute, $value, $fail) {
        if (!D7Password::check($value, $storedHash)) {
            $fail('The password is incorrect.');
        }
    }]
]);

Configuration: Override default settings (e.g., salt) by publishing the config file:
```
php artisan vendor:publish --provider="Selfsimilar\D7Password\D7PasswordProvider"
```
Then modify config/d7-password.php.

Gotchas and Tips

Pitfalls

Hash Format Incompatibility:
- Drupal 7 hashes are not compatible with Laravel’s default bcrypt hashes. Always use D7Password::check() for verification, not Laravel’s Hash::check().
- Fix: Store Drupal 7 hashes as-is in your database and use this package exclusively for verification.
Plain-Text Passwords in Logs:
- Avoid logging plain-text passwords during debugging. Use dd() sparingly and sanitize logs:
```
\Log::debug('Password hash generated', ['hash' => $hashedPassword]);
```
Salt Handling:
- Drupal 7 hashes include a static salt by default. If you customize the salt in config/d7-password.php, ensure consistency across all environments (dev/staging/prod).

Debugging

Verify Hashes: Use this snippet to debug hash generation/verification:

$plain = 'test123';
$hash = D7Password::make($plain);
var_dump(D7Password::check($plain, $hash)); // Should return true

Check Hash Format: Drupal 7 hashes start with $S$ (e.g., $S$A...). If you see a different prefix (e.g., $2y$ ), the hash is from a different system.

Extension Points

Custom Salt: Override the default salt in config/d7-password.php:
```
'salt' => 'custom_salt_here',
```
- Warning: Changing the salt after hashes are generated will break existing password checks.
Iteration Count: Adjust the iteration count (default: 5) for security/performance tradeoffs:
```
'iteration_count' => 7,
```

Fallback Hashing: Implement a fallback for unsupported hashes (e.g., older Drupal versions):

if (str_starts_with($hash, '$S$')) {
    return D7Password::check($password, $hash);
}
return Hash::check($password, $hash); // Fallback to Laravel's hashing

Performance

Batch Processing: For large migrations, batch hash generation to avoid memory issues:

$users = User::chunk(100, function ($users) {
    foreach ($users as $user) {
        $user->password = D7Password::make($user->plain_password);
        $user->save();
    }
});

Laravel D7 Password Laravel Package