Support the ongoing development of Laravel.io →
stueynet
posted 11 years ago
Authentication

I am sure I am just missing something obvious but I can't stare at this problem any more. I have implemented password retrieval basically using the built in Laravel reminders code. The problem is that when I reset the password, the database entry changes, but I can not log in with the new password or the old one. After some testing I noticed that the password hash that gets stored in the DB is different before and after the password reset operation even if I used the same password. Example in this case I use the word password.

The hash in the DB after registration with the word "password"

$2y$10$ffGWpjSuPGEHooRFoB6el.IDAUJKjHG851WM8FniYfbYGzODcs762

The hash in the DB after resetting the password successfully with the word "password":

$2y$10$qvnaPIDDiGu.E4R4rju6BOEEwYs1ScrImWylczN7pcTn230LCG3Nm

I imagine I have not set something up somewhere. Maybe a salt? Any help is appreciated.

Last updated 3 years ago.
0
longilineo
replied 11 years ago

maybe is only a typo but 'password' is different from 'Password' however to check if not hashed password is the same of hashed password you should use:

Hash::check('password', '$2y$10$ffGWpjSuPGEHooRFoB6el.IDAUJKjHG851WM8FniYfbYGzODcs762');
Last updated 3 years ago.
0
stueynet
replied 11 years ago

longilineo said:

maybe is only a typo but 'password' is different from 'Password' however to check if not hashed password is the same of hashed password you should use:

Hash::check('password', '$2y$10$ffGWpjSuPGEHooRFoB6el.IDAUJKjHG851WM8FniYfbYGzODcs762');

Sorry the typo was only in my post above. In my testing I used the lowercase.

Last updated 3 years ago.
0
minesql
replied 11 years ago

If I'm not mistaken, Laravel uses BCRYPT alogrithm to generate hashes. This is a ONE WAY hash, which means that by design, passwords always differ no matter if it is the same string input. I can explain the algorithm my self, but I would rather point you to a more indepth explaination... http://www.sitepoint.com/why-you-should-use-bcrypt-to-hash-stored-passwords/

Hopefully that helps.

Last updated 3 years ago.
0
zenry
replied 11 years ago

MineSQL said:

If I'm not mistaken, Laravel uses BCRYPT alogrithm to generate hashes. This is a ONE WAY hash, which means that by design, passwords always differ no matter if it is the same string input. I can explain the algorithm my self, but I would rather point you to a more indepth explaination... http://www.sitepoint.com/why-you-should-use-bcrypt-to-hash-stored-passwords/

Hopefully that helps.

correct ;)

Last updated 3 years ago.
0
stueynet
replied 11 years ago
Solution

Guys I found my mistake. I was hashing the password again when I should not have been.

 app/controllers/RemindersController.php View
  public function postReset()
  

  		$response = Password::reset($credentials, function($user, $password)
 		{
		/*	$user->password = Hash::make($password); */
			$user->password = $password;
  			$user->save();
  		});
Last updated 3 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

stueynet stueynet Joined 21 May 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy NativePHP
Fathom
Forge
Envoyer
Beyond Code
BairesDev
N-iX
Litslink

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X (Twitter) Bluesky Bluesky GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2025 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise