Creating a User

Try this:

$password = Hash::make(Input::get('password'));

User::create(Input::get('firstname','lastname'), $password);

I did it slightly differently

$data =  Input::only('firstname', 'lastname', 'password');
    $data['password'] = Hash::make($data['password']);
    $data['email'] = 'ross@myemail.com';
    $user = User::create($data);

One other alternative is to set a mutator on your user model.

class User extends Eloquent {

    public function setPasswordAttribute($password) {
        $this->attributes['password'] = Hash::make($password);
    }

}

In this way, you can be sure that the password will be hashed every time you set the attribute in the user model, which will also help you cut down on duplicated code.

@rosshulford @deringer Above suggestion (with mutator) is definitely the best way to handle this. Apart from it being convenient, it also makes sure you never save a user with plain password attribute (unless you do, for it's still possible if you want ofc)

Just don't forget you already hash it and not hash it twice :P

@Bashy, according with your post, is there any function to know if the password was hashed for avoiding hash it twice?

@codeatbusiness Would only check it on save right? Not sure of one. Would be interested to know as well.

Yeah @bashy, I think would be very useful handling it by adding a default User Model Observer. Correct me if I'm wrong.

@codeatbusiness @bashy There is no way to literally check whether it is hashed or not. However you can achieve what you need with this:

$pass = 'secret';
$hash = Hash::make('secret');
Hash::needsRehash($pass); // true
Hash::needsRehash($hash); // false

What it does is checking if the string provided was hashed using the same hashing options, so basically get the job done.

Yeah looks good. Not that I've ever wanted to check that way but useful to know!

Many thanks @JarekTkaczyk, great!

I found the following function within the Illuminate\Auth\Authenticatable interface and the Illuminate\Auth\GenericUser class that implements Authenticatable as UserContract. There is a getAuthPassword() method.

Would be useful for the same functionality comparing with the Hash::make() function?

Edit. I think it would not possible for the Hashing process because it use the date and time, correct me if I'm wrong...

What do you think about the following approach: instead of having the HasherContract return a hashed string, we can transform it into a value object HashedValue which implements the __toString() method, such that you can determine if a string has been hashed or not.

See this gist for a quick example.

@MarkRedeman The idea is good, but your in your code there's nothing to assure that the HashedValue is in fact hashed...