Support the ongoing development of Laravel.io →
charlietechnology
posted 9 years ago
Configuration Authentication Security
Last updated 1 year ago.
0
damienadermann
replied 9 years ago

Short answer: Your not hashing your password before saving it.

Longer answer: Laravel validates a user by fetching a user using a where on any credentials that aren't a password. In your case it will do a where on the username field. It then calls EloquentUserProvider::validateCredentials which checks your password against the database password using Hash::check. See https://github.com/illuminate/auth/blob/master/EloquentUserPro...

Last updated 1 year ago.
0
swgj19
replied 9 years ago 
$password 		= Input::get('password');
$user->password       = Hash::make($password);
Last updated 1 year ago.
0
charlietechnology
replied 9 years ago

Alright well I had that integrated earlier. Do I only need to hash the password when they sign up and then just pass the regular text password when I use Auth::attempt?

Last updated 1 year ago.
0
damienadermann
replied 9 years ago

charlietechnology said:

Alright well I had that integrated earlier. Do I only need to hash the password when they sign up and then just pass the regular text password when I use Auth::attempt?

Yep thats right.

Last updated 1 year ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

charlietechnology charlietechnology Joined 12 Jul 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
Steadfast Collective
BairesDev
Remotely Works

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise