micksp's avatar

Using Hash::make for authentication

Hi I need some help with checking a user password. I have a login form. There's this example user I create with db:seed:

User::create([
    "id"            => "1",
    'domain_id'     => "1",
    "full_name"     => "Michael",
    "email"         => "",
    "password"      => Hash::make('secret')
]);

I want the user to be able to enter a new password from a 'change password" form. In the controller I check if the users has entered the right 'current' password.

$countNrOfUsers = User::where(['id'=>Auth::user()->id, 'password'=>Hash::make($currentPassword)])->count();
if($countNrOfUsers == 1) {  
   ...

But it seems this time Hash::make() creates a different encrypted password then when creating the password in the db:seed code, it yields a different string. My login form works great so the first Hash::make is correct. Odd thing is, I never imported the Hash class in de db:seed, but I needed to "use" the Hash code in my controller. So i suspect the first Hash is a different one or uses some seeding.

use Illuminate\Support\Facades\Hash;

So, how do i check a user entered password against the one in the users table? Could anyone give me some hints on this?

0 likes
3 replies
InaniELHoussain's avatar

try first die and dumping data, like the hashed passwored existing data against the one you are checking

shez1983's avatar
shez1983
9 years ago
Best Answer
Level 23

https://laravel.com/docs/5.3/hashing explains what to do

if (Hash::check('plain-text', $hashedPassword)) {
    // The passwords match...
}

you would obviously do a query to get the current record from the database to get the hash password alternatively when you login the AUth::user()->password might already have a hash password or (plain text?)

micksp's avatar

Hash::check() works. Auth::user()->password indeed has the hashed password. Thanks for the help!

Please or to participate in this conversation.