I am sure I am just missing something obvious, but I can't stare at this problem any more. I have implemented password retrieval basically using the built-in Laravel reminders code. The problem is that when I reset the password, the database entry changes, but I cannot log in with the new password or the old one. After some testing I noticed that the password hash that gets stored in the DB is different before and after the password reset operation, even if I used the same password. For example, in this case I use the word password.
The hash in the DB after registration with the word "password":
$2y$10$ffGWpjSuPGEHooRFoB6el.IDAUJKjHG851WM8FniYfbYGzODcs762
The hash in the DB after resetting the password successfully with the word "password":
$2y$10$qvnaPIDDiGu.E4R4rju6BOEEwYs1ScrImWylczN7pcTn230LCG3Nm
I imagine I have not set something up somewhere. Maybe a salt? Any help is appreciated.
Maybe it is only a typo, but 'password' is different from 'Password'. However, to check whether an unhashed password matches a hashed password you should use:
Hash::check('password', '$2y$10$ffGWpjSuPGEHooRFoB6el.IDAUJKjHG851WM8FniYfbYGzODcs762');
longilineo said:
Maybe it is only a typo, but 'password' is different from 'Password'. However, to check whether an unhashed password matches a hashed password you should use:
Hash::check('password', '$2y$10$ffGWpjSuPGEHooRFoB6el.IDAUJKjHG851WM8FniYfbYGzODcs762');
Sorry, the typo was only in my post above. In my testing I used the lowercase.
If I'm not mistaken, Laravel uses the BCRYPT algorithm to generate hashes. This is a ONE WAY hash, which means that by design, passwords always differ no matter if it is the same string input. I can explain the algorithm myself, but I would rather point you to a more in-depth explanation... http://www.sitepoint.com/why-you-should-use-bcrypt-to-hash-stored-passwords/
Hopefully that helps.
MineSQL said:
If I'm not mistaken, Laravel uses the BCRYPT algorithm to generate hashes. This is a ONE WAY hash, which means that by design, passwords always differ no matter if it is the same string input. I can explain the algorithm myself, but I would rather point you to a more in-depth explanation... http://www.sitepoint.com/why-you-should-use-bcrypt-to-hash-stored-passwords/
Hopefully that helps.
correct ;)
Guys I found my mistake. I was hashing the password again when I should not have been.
app/controllers/RemindersController.php
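public function postReset()
{
    // $credentials is built earlier in this method (not shown in the post).
    $response = Password::reset($credentials, function($user, $password)
    {
        // Removed: hashing here hashed the password a second time.
        /* $user->password = Hash::make($password); */
        $user->password = $password;
        $user->save();
    });
    // (rest of the method omitted in the post)
}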
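Added example, not part of any post in this thread: a plain-PHP sketch of the two behaviours discussed above, using password_hash()/password_verify(), which Laravel's bcrypt hasher wraps. It shows that two bcrypt hashes of the same password differ yet both verify, and that a hash of a hash rejects the original password. The helper names and the "second layer" that re-hashes on save are assumptions for illustration; the thread does not say where the second hashing happened.

```php
<?php
// Added illustration in plain PHP; every value below is constructed.

function bcrypt10(string $value): string
{
    // A fresh random salt is generated on every call and embedded in the output.
    return password_hash($value, PASSWORD_BCRYPT, ['cost' => 10]);
}

function isAlreadyHashed(string $value): bool
{
    // password_get_info() reports a non-empty 'algo' only for strings in a
    // recognised password_hash() format.
    return !empty(password_get_info($value)['algo']);
}

function demo(): array
{
    $plain = 'password';

    // Same input, two calls: compare the strings, then verify each one.
    $first  = bcrypt10($plain);
    $second = bcrypt10($plain);

    // Double hashing: the reset closure hashes, then a second layer hashes
    // again on save (hypothetical, e.g. a model mutator). The stored value is
    // a hash of the 60-character hash string, not of the password.
    $hashedInClosure = bcrypt10($plain);
    $stored          = bcrypt10($hashedInClosure);

    return [
        'two hashes of same password are identical' => $first === $second,
        'first hash verifies the password'          => password_verify($plain, $first),
        'second hash verifies the password'         => password_verify($plain, $second),
        'double-hashed value accepts the password'  => password_verify($plain, $stored),
        'double-hashed value accepts the 1st hash'  => password_verify($hashedInClosure, $stored),
        'guard flags closure output as hashed'      => isAlreadyHashed($hashedInClosure),
        'guard flags plain text as hashed'          => isAlreadyHashed($plain),
    ];
}

foreach (demo() as $label => $result) {
    printf("%-45s %s\n", $label, $result ? 'yes' : 'no');
}
```

A check like isAlreadyHashed() can be used in a test or a save hook to catch a value being hashed twice before it reaches the database.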