Implement the same hashing algorithm that the Game Server uses for passwords
There are a few different approaches documented in Stack Overflow answers. My thought is to override the login() rather than the hashing provider.
We would just check if the Player.salt field is set AND if the Player.pass field starts with "$2y$10$" ... meaning the Player record has a SHA512 salt AND the password is in crypt format.
If both checks are true, then do nothing special as the password is already only bcrypt hashed which is the same semantics that Laravel expects.
If the Player.password is NOT in crypt format, then we want to disallow logging into the Laravel site until they update their password. The data massage run on the game servers has already put existing users into BCrypt, so this requirement is fine as this check should always be true in our production environment.
If the Player.salt field is NOT empty, then we would do a sha512(Player.salt + md5(plainTextPassword)) before sending the plain text password down the Laravel pipeline.
The main issue we want to be careful with is to NOT exactly follow some of the Stack Overflow suggestions, as those algorithms will cause the password to be bcrypt hashed twice, which is NOT what we want. We specifically want to keep the current default behaviour if the salt field is not set, and use the new custom behaviour if it is.
Documentation of our hashing algorithm can be found here: Game#2318 (closed)
Here is some additional info on how to implement custom hashing algorithms in Laravel:
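The login check described in this issue, sketched in plain PHP as an added example (not code from the project or from the linked material). The function names `bcryptInput` and `checkLogin` and the result strings are hypothetical. It assumes the md5 and sha512 digests are lowercase hex and that, for salted rows, the stored bcrypt hash covers the sha512 string.

```php
<?php
declare(strict_types=1);

// Added example, not project code. Assumptions: hex digests, and for salted
// rows the stored bcrypt hash was computed over the sha512 string.

const BCRYPT_PREFIX = '$2y$10$';

/** Value handed to the bcrypt check: the plaintext, or the pre-hash when a salt exists. */
function bcryptInput(string $plain, ?string $salt): string
{
    if ($salt === null || $salt === '') {
        return $plain; // salt not set: current default behaviour
    }
    // sha512(Player.salt + md5(plainTextPassword))
    return hash('sha512', $salt . md5($plain));
}

/** Returns 'ok', 'bad_credentials' or 'password_update_required'. */
function checkLogin(string $plain, string $storedPass, ?string $salt): string
{
    // Not in crypt format: refuse login until the player updates the password.
    if (strncmp($storedPass, BCRYPT_PREFIX, strlen(BCRYPT_PREFIX)) !== 0) {
        return 'password_update_required';
    }
    // One bcrypt verification only; the pre-hash is never bcrypt-hashed a second time.
    return password_verify(bcryptInput($plain, $salt), $storedPass)
        ? 'ok'
        : 'bad_credentials';
}

// Constructed sample rows; cost 10 yields the "$2y$10$" prefix.
$salt   = 'constructed-salt';
$salted = password_hash(bcryptInput('hunter2', $salt), PASSWORD_BCRYPT, ['cost' => 10]);
$plain  = password_hash('hunter2', PASSWORD_BCRYPT, ['cost' => 10]);
$legacy = hash('sha512', $salt . md5('hunter2')); // row never migrated to bcrypt

$cases = [
    'salted row, right password' => checkLogin('hunter2', $salted, $salt),
    'salted row, wrong password' => checkLogin('hunter3', $salted, $salt),
    'unsalted row'               => checkLogin('hunter2', $plain, null),
    'salted row, salt ignored'   => checkLogin('hunter2', $salted, null),
    'non-bcrypt row'             => checkLogin('hunter2', $legacy, $salt),
];
foreach ($cases as $label => $result) {
    echo $label, ': ', $result, PHP_EOL;
}
```

bcrypt reads only the first 72 bytes of its input, so under the hex assumption only the first 72 characters of the 128-character sha512 string take part in the comparison.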