shakti's avatar

How to decrypt Hash Password in Laravel

Hello Guys

I'm new to Laravel.

And I'm working on an existing project, so can anyone tell me how we can decrypt a password (bcrypt)?

0 likes
20 replies
topvillas's avatar

You can't. You can only do a comparison.

4 likes
shakti's avatar

So it is not possible for us to display the password which the user set during signup to the admin method?

Can you please list out all the challenges which we can face while using other methods like encrypt, decrypt?

martinbean's avatar
Level 80

@ershakti Passwords are hashed, not encrypted. That means they can’t be reversed into their plain text form. This is for security reasons.

If someone downloads your database, they shouldn’t be able to reverse each of your users’ passwords. It’s also a security issue to simply display a password back to the user in case they’re on an insecure network and someone is eavesdropping on the connection.

If you need to display a password, then you’re doing something wrong.

15 likes
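The difference between hashing and encryption described above, as an added example that is not part of any post in this thread: plain PHP using `password_hash()` and `password_verify()`, the built-in functions that produce and check the same bcrypt format Laravel's `Hash::make()` and `Hash::check()` use. The sample passwords and cost values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Sample values are constructed.
declare(strict_types=1);

// Signup: keep only the hash. password_hash() picks a random salt and embeds
// the algorithm, cost and salt in the returned string.
function storePassword(string $plain, int $cost = 12): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Login: password_verify() reads the salt and cost back out of the stored
// hash, re-hashes the candidate with them and compares in constant time.
function checkLogin(string $candidate, string $storedHash): bool
{
    return password_verify($candidate, $storedHash);
}

$signupPassword = 'correct horse battery staple'; // constructed sample
$stored = storePassword($signupPassword);
$again  = storePassword($signupPassword);

// The same password hashed twice gives two different strings (different
// salts), so a second app cannot "re-encrypt" a password and compare it to
// the column with ==. It has to call the verify function.
echo "hash 1: $stored\n";
echo "hash 2: $again\n";
echo 'identical strings: ', var_export($stored === $again, true), "\n";
echo 'verifies against hash 1: ', var_export(checkLogin($signupPassword, $stored), true), "\n";
echo 'verifies against hash 2: ', var_export(checkLogin($signupPassword, $again), true), "\n";
echo 'wrong guess verifies: ', var_export(checkLogin('wrong guess', $stored), true), "\n";

// The stored string exposes only the parameters needed for verification,
// never the password itself.
$info = password_get_info($stored);
echo "algorithm: {$info['algoName']}, cost: {$info['options']['cost']}\n";

// The only moment the plain text is available is during a successful login,
// which is also when a hash can be upgraded to a higher cost.
$targetCost = 13; // assumed new policy value
if (checkLogin($signupPassword, $stored)
    && password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $targetCost])) {
    $stored = storePassword($signupPassword, $targetCost);
    echo "rehashed at cost $targetCost\n";
}
```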
shakti's avatar

@martinbean actually, as per the application requirement, whenever users try forget password we have to email them their password, not a reset password link

mikevrind's avatar

That is a really, really, really bad system requirement @ershakti. You should really change that. It's irresponsible to store passwords like that.

6 likes
Snapey's avatar

Check the OWASP website for best practice and never be so unprofessional as to send the user their password.

Don't just say that's what the client wants because it is your job to advise against bad practice.

Passwords should always be hashed, which as has been said is a one-way process.

3 likes
shakti's avatar

Okay, I will keep this in mind.

martinbean's avatar

@ershakti If a user forgets their password they should reset it, not have their current one emailed to them. As mentioned, this is a really bad practice from a security point of view, as if someone gets access to one of your website users’ inbox, they can just request their password.

Lots of people use the same password for multiple services, so if they have a password for the user’s account on your website, then they may have used the same password for their online banking account or other sensitive services. So you can see why sending passwords in plain text is a bad idea.

2 likes
shakti's avatar

@martinbean Okay, from now onward I will keep this thing in mind. Thanks guys for correcting me, it helped me a lot.

kosar's avatar

So how can we check if a user exists or not?

Snapey's avatar

@kosar you look in the User table and see if they have a record - doh.

azimidev's avatar

It's a one-way algorithm and can't be decrypted.

Snapey's avatar

@amirhazz only the password is hashed. You don't search for the user by their password.

erdemirr's avatar

Short answer is that you don't 'decrypt' the password (because it's not encrypted - it's hashed).

shailenderahuja's avatar

I have a somewhat different requirement. I don't want to decode the password, but I am building another app based on the SAME DATABASE for LOGIN, so what can I do to "encrypt the password value so that it matches the backend password encrypted code"?

Please help...

Snapey's avatar

@shailenderahuja different situation, needs a different question.

Also, this question is 2 years old and solved. Yours is not going to get attention here.

shez1983's avatar

If you had seen the thread then you wouldn't have asked this question. If you really must do encrypt/decrypt then create your own login/reset which does what you want, but it will be insecure.
