I believe a hashed password in Laravel cannot be unhashed. Maybe use Crypt instead, or save the password in another field as plaintext.
You should NEVER store passwords as plain text. Also, you should NOT know your users' passwords. Why would you like to know your users' passwords?
Edwin-Luijten said:
You should NEVER store passwords as plain text. Also, you should NOT know your users' passwords. Why would you like to know your users' passwords?
Thanks guys for your reply. My client said that we are a group of people who will handle the admin panel. If one of them forgot the password and then changed it, we need to inform all admins what the new password is. But if I, as admin, can see passwords, then the problem can be solved, and we also need to see passwords for some other work. As @johnvic suggested, do you think encrypting and decrypting will work fine in Laravel? As I am new to Laravel, I don't know much.
I am not sure if Crypt will work with the authentication in Laravel. I think you need two fields for passwords: one for the hashed password that will be used in Laravel authentication and another field for the crypted password. The crypted field will be the one that is decrypted to show the password in plaintext. So you need to have a crypted copy of the password during registration or on reset.
spsethi said:
Edwin-Luijten said:
You should NEVER store passwords as plain text. Also, you should NOT know your users' passwords. Why would you like to know your users' passwords?
Thanks guys for your reply. My client said that we are a group of people who will handle the admin panel. If one of them forgot the password and then changed it, we need to inform all admins what the new password is. But if I, as admin, can see passwords, then the problem can be solved, and we also need to see passwords for some other work. As @johnvic suggested, do you think encrypting and decrypting will work fine in Laravel? As I am new to Laravel, I don't know much.
If the user changes/updates his password, you have access to that user's password via Input::get('yourpasswordfield');
So you can send all admins an email with that password, or do whatever you like with it. (store it in a password vault tool and delete the email)
Could you explain in which scenarios an admin needs a user password?
Do you mean there are multiple people using the same login credentials?
If so try to convince them to each have their own account.
This solves the problem of one of them performing a password reset and locking out the other people.
Here is a nice place to explain the difference between hashing and encryption.
The best solution for applications is hashing passwords. If a hacker was to get access to your database and gain access to encrypted / plain text passwords, you are in for a lot of trouble, maybe even legal trouble. With hashing, you're more protected against a hacker figuring out a user's password, and this is invaluable at some times.
Unless the client really needs the ability to see a user's password, try and convince them otherwise. A user's password is their own secret text and to be honest it isn't your or a website admin's job to know it.
TL;DR: there is no possible way to un-hash a user's password. If you want to view plaintext, store it in plaintext or encrypt it (latter is preferred). Hashing a user's password and not ever seeing the plaintext is preferred for security and privacy reasons.
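Added example, not part of the thread: the hashing versus encryption difference discussed above, shown with plain PHP functions rather than Laravel's own facades. The sample password, the throwaway key and the helper names `encryptPassword`/`decryptPassword` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample password; not taken from the thread.
$password = 'correct horse battery staple';

// Hashing is one-way: only the hash is stored and no key turns it back.
// Each call picks a fresh random salt, so equal passwords give different hashes.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

// Login re-derives the hash from the attempt using the salt and cost
// embedded in the stored hash; the plaintext is never needed again.
var_dump($hashA === $hashB);                      // bool(false)
var_dump(password_verify($password, $hashA));     // bool(true)
var_dump(password_verify('wrong guess', $hashA)); // bool(false)

// Encryption is two-way: whoever holds $key recovers every stored password.
function encryptPassword(string $plain, string $key): string
{
    $nonce = random_bytes(12); // unique per message for AES-GCM
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decryptPassword(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    // Layout written by encryptPassword: 12-byte nonce, 16-byte tag, ciphertext.
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

$key = random_bytes(32); // assumption: a throwaway key standing in for the app's secret
$stored = encryptPassword($password, $key);
var_dump(decryptPassword($stored, $key) === $password); // bool(true)
```

With the encrypted column, a leak of the database together with the key exposes every password at once; with the hashed column an attacker still has to guess each password separately.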