
How to compare Laravel's hash password using a custom login form?

Tags: php, hash, laravel

Can you help me with this? I am building my own login form using Laravel. But I have a problem because I stored my password using the Hash method, and in my login form I used the Hash method again to compare. But I found out that the hash value is always changing.

Here's my code in routes:

Route::post('/admin_handle_login', function()
{

    $rules = array(
        'admin_username'    =>  'required',
        'admin_password'    =>  'required'
    );

    $validate_admin_login = Validator::make(Input::all(), $rules);

    if($validate_admin_login->fails()) {

        $messages = $validate_admin_login->messages();

        Session::flash('warning_notification','Error: Incomplete details!');

        return Redirect::to('/flaxadmin')
                            ->withErrors($messages)
                            ->withInput(Input::except('admin_password'));

    } else {

        $d = array(
            Input::get('admin_username'), Hash::make(Input::get('admin_password'))
        );

        $validate_admin = DB::table('administrators')
                            ->select('username')
                            ->where('username', Input::get('admin_username'))
                            ->where('password', Hash::check('password', Input::get('admin_password')))
                            ->count();
        fp($d);
        fp($validate_admin);

    }

});

The result is

Array
(
    [0] => admin002
    [1] => $2y$10$RTwKHN9W1/unu1ZhYlNjauApJjjoNTBnE6td/AZ5jWgZEdqVav0um
)
0

In my database the password of admin002 is

$2y$10$47sSXLzh/YXN6Rf2fmljYO7lZaxfhXVSUTp5bssR2gYQ6Nw9luUH2

Is my code wrong? Or is there a proper way to do this? I am a beginner in Laravel.

Jerielle asked Oct 30 '14 08:10



3 Answers

First, you cannot do it this way. Assuming username is unique, you should do:

$validate_admin = DB::table('administrators')
                            ->select('username', 'password') // the stored hash is needed for Hash::check() below
                            ->where('username', Input::get('admin_username'))
                            ->first();

if ($validate_admin && Hash::check(Input::get('admin_password'), $validate_admin->password)) {
  // here you know data is valid
}

However, you should think about using built-in methods rather than coding it yourself. You have Auth::attempt or Auth::validate if you want to log in/check only a user with a password, so there's really no need to code it yourself.

Marcin Nabiałek answered Oct 13 '22 00:10


A slight improvement to marcin-nabiałek's answer: you can now use PHP's password_verify to achieve the same:

$user = App\User::where('email', $request->email)->first();

if($user && password_verify($request->password, $user->password)) {
   // authenticated user,
   // do something...
}
bmatovu answered Oct 13 '22 01:10


Here you're checking the string 'password' with the hashed version of the input password.

So try fetching the user by their username and if you've a result you can compare the hashed version of the password, stored in the database, with the input password. Like so:

// Build the query by username only; the password is checked in PHP below.
$user = DB::table('administrators')
        ->select('username', 'password')
        ->where('username', Input::get('admin_username'));

if($user->count()) {
    $user = $user->first();
    if(Hash::check(Input::get('admin_password'), $user->password)) {
         //User has provided valid credentials :)
    }
}
Daniel Gelling answered Oct 13 '22 01:10
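
Why the two hashes in the question differ, and why verification against the stored hash still works, as an added example that is not part of the original posts. It calls PHP's password_hash and password_verify directly, which Laravel's bcrypt Hash::make and Hash::check wrap; the table contents, the sample password, the dummy-hash step and the verifyAdmin helper are constructed for illustration.

```php
<?php
// Added example in plain PHP (no Laravel needed). Laravel's bcrypt hasher
// calls these same functions for Hash::make() and Hash::check().

// Constructed sample data standing in for the "administrators" table.
$administrators = [
    'admin002' => password_hash('s3cret-sample', PASSWORD_BCRYPT, ['cost' => 10]),
];

// Assumption: unknown usernames should cost as much as wrong passwords, so a
// throwaway hash is verified when no row is found.
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_BCRYPT, ['cost' => 10]);

// Hypothetical helper: look the row up by username only, then verify.
function verifyAdmin(array $table, string $dummyHash, string $username, string $password): bool
{
    $stored = $table[$username] ?? null;
    // password_verify() reads the algorithm, cost and salt from the stored
    // string, re-hashes the candidate with them and compares the results.
    $matches = password_verify($password, $stored ?? $dummyHash);
    return $stored !== null && $matches;
}

// Same password hashed twice: each call draws a new random salt, so the
// strings differ while the "$2y$10$" prefix (algorithm and cost) stays fixed.
$first  = password_hash('s3cret-sample', PASSWORD_BCRYPT, ['cost' => 10]);
$second = password_hash('s3cret-sample', PASSWORD_BCRYPT, ['cost' => 10]);
echo "first : $first\nsecond: $second\n";
echo 'fresh hashes equal:        ', var_export($first === $second, true), "\n";

// This is what a WHERE password = <fresh hash> clause amounts to.
echo 'fresh hash equals stored:  ', var_export($first === $administrators['admin002'], true), "\n";

// Verifying the plain-text candidate against the stored hash.
echo 'correct password verifies: ', var_export(verifyAdmin($administrators, $dummyHash, 'admin002', 's3cret-sample'), true), "\n";
echo 'wrong password verifies:   ', var_export(verifyAdmin($administrators, $dummyHash, 'admin002', 'wrong'), true), "\n";
echo 'unknown user verifies:     ', var_export(verifyAdmin($administrators, $dummyHash, 'nobody', 's3cret-sample'), true), "\n";
```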