Support the ongoing development of Laravel.io →
charlietechnology
posted 10 years ago
Configuration Authentication Security
Last updated 2 years ago.
0
damienadermann
replied 10 years ago

Short answer: Your not hashing your password before saving it.

Longer answer: Laravel validates a user by fetching a user using a where on any credentials that aren't a password. In your case it will do a where on the username field. It then calls EloquentUserProvider::validateCredentials which checks your password against the database password using Hash::check. See https://github.com/illuminate/auth/blob/master/EloquentUserProvider.php#LC104

Last updated 2 years ago.
0
swgj19
replied 10 years ago 
$password 		= Input::get('password');
$user->password       = Hash::make($password);
Last updated 2 years ago.
0
charlietechnology
replied 10 years ago

Alright well I had that integrated earlier. Do I only need to hash the password when they sign up and then just pass the regular text password when I use Auth::attempt?

Last updated 2 years ago.
0
damienadermann
replied 10 years ago

charlietechnology said:

Alright well I had that integrated earlier. Do I only need to hash the password when they sign up and then just pass the regular text password when I use Auth::attempt?

Yep thats right.

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

charlietechnology charlietechnology Joined 12 Jul 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
BairesDev
Remotely Works
Dotcom-monitor
N-iX

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise