I coded up an app with a backend in PhP and got a few users. All of them have passwords, which were hashed using PhP's crypt function with the same salt every time of "PASSWORD_DEFAULT".
Now, because that code was very bad, I am transitioning to JavaScript where to hash passwords I am using the bcrypt Node Module with a randomly generated salt.
I was wondering, is there any way to save the old user's logins and make them valid even with the new hash, or are they gone forever?
EDIT FOR CODE:
Old PhP Code:
$stmt = $this->db->prepare(
"INSERT INTO USERS (deviceID, latitude, longitude, username, password, date_reg) VALUES (?, ?, ?, ?, ?, CURDATE());");
$stmt->bind_param("sddss", $deviceID, $rounded_down_lat, $rounded_down_long, $username, crypt($password, "PASSWORD_DEFAULT"));
New JavaScript/Node.js Code:
add_user(deviceID, username, unencrypt_password, latitude, longitude, dob, gender) {
latitude = latitude - latitude % process.env.ERR_RANGE + Number(process.env.ERR_RANGE);
longitude = longitude - longitude % process.env.ERR_RANGE + Number(process.env.ERR_RANGE);
var salt = bcrypt.genSaltSync(saltRounds);
var password = bcrypt.hashSync(unencrypt_password, salt);
var add_user_query = mysql.format(add_user_sql, [deviceID, latitude, longitude, username, password, salt, new Date(), dob, gender]);
...
}
