I have a profile form so the user can edit their own profile. In this form I have a current password field that must match the one saved in the database.
Form:
{{ Form::password('currPassword', array('id'=>'currPassword')) }}
I want to have this function in the controller to check this against the database.
$data = User::find($id);
if( ! Hash::check( $data->password , Input::get('currPassword') ) )
{
return Redirect::to('/admin/profile')
->with('message', 'Current Password Error !')
->withInput();
}
The hashed 123456 password in the database is OK, and after putting 123456 in currPassword it must return TRUE, but it always returns FALSE.
The check method provided by the Hash facade allows you to verify that a given plain-text string corresponds to a given hash:
if (Hash::check('plain-text', $hashedPassword)) {
// The passwords match...
}
The Laravel Hash facade provides secure Bcrypt hashing for storing user passwords. If you are using the AuthController controller that is included with your Laravel application, it will take care of verifying the Bcrypt password against the un-hashed version provided by the user.
You're using the wrong argument order. It's Hash::check($input, $hash), not the other way around.
Short tinker example:
[1] > $pw = 123456;
// 123456
[2] > $hashed = Hash::make($pw);
// '$2y$10$xSugoyKv765TY8DsERJ2/.mPIOwLNdM5Iw1n3x1XNVymBlHNG4cX6'
[3] > Hash::check($hashed, $pw);
// false
[4] > Hash::check($pw, $hashed);
// true
I had the same issue and solved it like this:
I found that I was using the Hash::make function in my RegistrationService class and, more importantly, that I had already used the setPasswordAttribute function in my User model, which was quickly forgotten:
class User extends Model implements AuthenticatableContract, AuthorizableContract
{
...
/**
* @param $value
*/
public function setPasswordAttribute($value)
{
$this->attributes['password'] = Hash::make($value);
}
}
So the password was double hashed, and of course every Hash::check call was incorrect and returned false.
Hash::check() has two parameters: the first one is the plain password and the other is the hashed password. If the password matches the hash, it will return true.
Hash::check(normal_password,hashed_password);
Example :
Hash::check('123456a','$2y$10$.XB30GO4jn7bx7EauLrWkugIaCNGxiQCgrFTeFDeSSrGdQYd6Rneq');
Though the above answers are valid for the question provided, I'm adding more explanation to give detailed insights.
Verifying A Password Against A Hash
The check method allows you to verify that a given plain-text string corresponds to a given hash. However, if you are using the LoginController included with Laravel, you will probably not need to use this directly, as this controller automatically calls this method:
if (Hash::check('plain-text', $hashedPassword)) {
// The passwords match...
}
The check() method is declared in HasherInterface.
This method checks the given plain value against a hash.
bool check(string $value, string $hashedValue, array $options = array())
Check the given plain value against a hash.
Parameters
string $value
string $hashedValue
array $options
Return Value
bool
For your example :
$data = User::find($id);
if( ! Hash::check(Input::get('currPassword') , $data->password ) )
{
return Redirect::to('/admin/profile')
->with('message', 'Current Password Error !')
->withInput();
}
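The two failure modes from the answers above (swapped arguments and double hashing), reproduced in plain PHP as an added example that is not from any of the posters. It assumes Laravel's bcrypt Hash::make() and Hash::check() behave like PHP's password_hash() and password_verify(); hashOnce() is a hypothetical helper name. Only the correct-order check and the guarded value verify; the swapped and double-hashed checks do not.

```php
<?php
// Added example: runs without Laravel. Assumption: Hash::make()/Hash::check()
// with the bcrypt driver behave like password_hash()/password_verify().

// Hypothetical guard for a password mutator: hash only values that are not
// already bcrypt hashes, so hashing in a service class and again in
// setPasswordAttribute() cannot stack.
function hashOnce(string $value): string
{
    if (password_get_info($value)['algoName'] === 'bcrypt') {
        return $value; // already hashed upstream, store as-is
    }
    return password_hash($value, PASSWORD_BCRYPT);
}

$plain  = '123456'; // constructed sample value, same as in the question
$stored = password_hash($plain, PASSWORD_BCRYPT);

// 1. Argument order: plain text first, stored hash second.
var_dump(password_verify($plain, $stored));  // correct order
var_dump(password_verify($stored, $plain));  // swapped, as in the question

// 2. Double hashing: the service hashes, then the model mutator hashes again.
//    The stored value is now a hash of a hash, so the plain text never matches.
$double = password_hash(password_hash($plain, PASSWORD_BCRYPT), PASSWORD_BCRYPT);
var_dump(password_verify($plain, $double));

// 3. With the guard, the second pass returns its input unchanged.
$guarded = hashOnce(hashOnce($plain));
var_dump(password_verify($plain, $guarded));

// 4. Sanity check for a stored value that never verifies: is it a bcrypt
//    hash at all, or was plain text written to the column?
var_dump(password_get_info($stored)['algoName']);
var_dump(password_get_info($plain)['algoName']);
```

The guard stores any input that already looks like a bcrypt hash verbatim, so hashing in exactly one place (either the mutator or the service, not both) is the cleaner fix.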