If you want to cross-check only, you can simply do it easily.
use Illuminate\Support\Facades\Hash;
$enteredPassword = 'secret123'; // The password entered by the user
$storedHashedPassword = $user->password; // The hashed password from the database
if (Hash::check($enteredPassword, $storedHashedPassword)) {
// Passwords match, proceed with login
} else {
// Passwords do not match
}
@birdietorerik thankfully Laravel hashes passwords so the process is irreversible! I would not want to use any application that stores sensitive information using md5
Laravel doesn't use MD5, it uses Bcrypt (by default). You can't decrypt the results of either, because they're not encryption algorithms. They're hashing functions.
Hashing functions are not injective: different inputs may produce an identical hash digest. You can't restore the original string because information is lost along the way. Hashing functions are also specifically designed in a way that makes it hard to determine valid inputs in reverse.
MD5 isn't used for security anymore because it's considered unsafe.
MD5 is about as insecure you can get, it's fast to generate and there is a quite big possibility that more than one value gives the same checksum. It should not be used for anything other then verifying that a file is ok after a download.
its common to have this type of requirement when you are migrating old passwords to new hashing method.
You can only do it by waiting for the user to enter their plaintext password, check it is valid using md5 then save a new hash of the plaintext using bcrypt. Finally delete the md5. Dont be tempted to leave the old value around as this is as bad as leaving passwords in plaintext.
