have you tried hashing the email and passing that hashed value to attempt ?
Hi lagbox,
Yes, I have tried:
$attempt = Auth::attempt([
'email' => Hash::make(Input::get('email')),
'password' => Input::get('password')
]);
but this doesn't work either, maybe because each time something is hashed it is different so it would always fail.
its possible perhaps you want to encrypt the email not hash it ?
I could either encrypt it or hash, it doesn't matter, I'm still not sure on the procedure to then log them in.
The issue here is that by default the password_hash function (which Hash::make is a wrapper for) generates a random salt each time it is called. This is good and desired functionality for password hashing but will result in a different password hash being generated each time it is called.
For example calling the following code:
for ($i=0; $i <10; $i++) {
echo password_hash('[email protected]', PASSWORD_BCRYPT) . PHP_EOL;
}
Produced the following hashes:
$2y$10$FX4g79Ax.FM6kLpRXu1I1.Ua33vaaNbqS6TDW3HL1zfFEPs8r3ZXS $2y$10$QcxBaCotVKfVWn7zLc8qG.jcunID2q9GviWeeHHJ/P3BQnbzmSs7m $2y$10$yNFOqDTCVqhuFFA0RoaxNe88qP2hT.VEGYqhni53gOo.ju.UOoL22 $2y$10$7eu94EBCDZm51SRYJ1sY3.T7Tk5yy5oViBMyHntjFN4fHarxHpf/i $2y$10$6.mWaQryXnXw1SaWRLNLCex90KTunfHAx3AqtRUcrxkP31ltCWy1i $2y$10$ivtw/ZnXKPX6kuHj.XYuS.mogk6KPaPfW5bmkFNEPHi3FipCvXHxS $2y$10$dD7qsEzGQlD0pJA7DiOF2.15vIfz8sVaD1n5fNi7N1Bjapd90wBUm $2y$10$W.XILAvoiOLQwMLRdUfsr.vUqn6OuaniQ2YreGK3e1iQUboJe0s6i $2y$10$kjZ6NOdYL9q8mrku6Ui64uFj5FH582z1uKKxslyvES3MdqlAdq/Tu $2y$10$2fJCHw5vK6bvfDF6QIPtk.oRAHrrqYPgx0RR/o.JlfLd/scKx0iJC
This is fine for passwords as all you need to know is if the hash can be verified by the given password. But with the email you have know way of knowing which account to verify the email address against. You can't just pull the user record with the hash generated by the email provided on the login form as it wont be the same as the hash that was stored in the database.
To get around this you can pass a salt in the options array to the password_hash function. http://www.php.net/manual/en/function.password-hash.php
This sadly isn't possible using the Hash::make() Facade for the Illuminate\Hashing\BcryptHasher class so you will need to call password_hash() directly.
password_hash('[email protected]', PASSWORD_BCRYPT, [
'salt' => 'SomeSaltHereThatIsTheSameEverytime'
]);
You will need to use the same salt for the email when you store the hash as when you check it when they log in.
Alternatively since this is not a password you can just md5 it.
Keep in mind that hashing is a one way process. You have no way to get the email address back out given a hash. If you need to do things like forgot password reminders or notification emails saving only a hash will not be enough.
You will also not be able to do something like have a list of users in the admin with the email address as all you have are hashes.
You can store the email address the user used to log in in the session or something but this will not be available except by request made by the user while logged in.
Sign in to participate in this thread!
The Laravel portal for problem solving, knowledge sharing and community building.
The community