It is normal that the hash is different each time. If you login you don't have to hash the password again.
I don't understand you. How can that be 'normal'? Isn't the whole reason for using a hash that I save my password as a hash in my database instead of saving the real password, so that I can later hash the password I enter and compare it with the hash in the database?
It is normal. Laravel uses Bcrypt which uses random salts. The Hash process is one-way only, but Bcrypt will "unhash" it correctly to know if the passwords match :)
As already stated, the passwords are automatically salted with a random salt each new rehash.
You have a mistake in your code. You are rehashing the password without checking if it's been hashed already. Try with:
    if(Hash::needsRehash($this->password))
        $this->password = Hash::make($this->password);
Okay.
    if(Hash::needsRehash($this->password))
        $this->password = Hash::make($this->password);
This gives me an error. I only put in the hash when I create the account; maybe I didn't explain it enough.
It looks like this:
    //Register a user;
    public function create()
    {
        if(Auth::check()) return Redirect::to('youraccount');
        $input = Input::all();
        $validation = Validator::make($input,User::$rules);
        if ( $validation->fails() ) {
            return Redirect::back()->withInput()->withErrors($validation->messages());
        }else{
            $user = new User;
            $user->username = $input['username'];
            $user->fullname = $input['fullname'];
            $user->email = $input['email'];
            $user->password = Hash::make($input['password']);
            $user->save();
            return View::make('youraccount')->with('input',$input);
        }
    }
    //Login a user:
    public function store()
    {
        if(Auth::check()) return Redirect::to('youraccount');
        $authinput = Input::all();
        if (Auth::attempt(array('username' => $authinput['username'],'password' => $authinput['password'])))
        {
            return View::make('youraccount');
        }
        return Redirect::to('login')->with('message','Hmm, that probably was not the correct password');
    }
I only hash the password to save it when I create the account. I don't call the create() function again after that, so I never 'update' the hash in the database. If Auth::attempt is supposed to take care of everything else I am not sure what is wrong.
Okay I solved it, I feel so stupid now.
    public function getAuthPassword() {
        return $this->password;
    }
Was wrong, since my password is defined as 'Password' with a big 'P' in the MySQL database.
    public function getAuthPassword() {
        return $this->Password;
    }
Thanks for help though guys!
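An added example, not code from any poster in this thread or from Laravel itself: the behaviour discussed above, shown with PHP's built-in password functions, which Laravel's bcrypt Hash::make, Hash::check and Hash::needsRehash are built on. The sample password and the $row array are constructed for illustration; $row stands in for a database record whose column is named 'Password'.

```php
<?php
// Added example. Sample password and $row are constructed, not taken from the thread.
$plain = 'correct horse battery staple';

// 1. Hashing the same password twice gives two different strings,
//    because every call draws a fresh random salt.
$hashA = password_hash($plain, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($plain, PASSWORD_BCRYPT, ['cost' => 10]);
echo 'same hash twice?   ', var_export($hashA === $hashB, true), "\n";

// 2. The stored string is self-describing: $<id>$<cost>$<22-char salt><31-char digest>.
//    Nothing is "unhashed"; the salt is simply read back out of the stored value.
[, $id, $cost, $rest] = explode('$', $hashA);
printf("id=%s cost=%s salt=%s\n", $id, $cost, substr($rest, 0, 22));

// 3. Verification re-hashes the candidate with that embedded salt and cost,
//    then compares digests. Both stored hashes accept the same password.
echo 'verify against A:  ', var_export(password_verify($plain, $hashA), true), "\n";
echo 'verify against B:  ', var_export(password_verify($plain, $hashB), true), "\n";
echo 'wrong password:    ', var_export(password_verify('wrong', $hashA), true), "\n";

// 4. The needs-rehash check takes a stored *hash* and reports whether it was
//    made with different settings than the ones requested now. It is meant
//    for upgrading cost after a successful login, not for testing plaintext.
echo 'rehash at cost 10: ',
    var_export(password_needs_rehash($hashA, PASSWORD_BCRYPT, ['cost' => 10]), true), "\n";
echo 'rehash at cost 12: ',
    var_export(password_needs_rehash($hashA, PASSWORD_BCRYPT, ['cost' => 12]), true), "\n";

// 5. The bug that was found in this thread: reading the hash under the wrong
//    name yields no hash at all, so a correct password is rejected silently.
$row = ['Password' => $hashA];                 // column named with a capital P
$wrongKey = (string) ($row['password'] ?? ''); // models a missing attribute
echo 'lookup "password": ', var_export(password_verify($plain, $wrongKey), true), "\n";
echo 'lookup "Password": ', var_export(password_verify($plain, $row['Password']), true), "\n";
```

When a login fails for a password known to be correct, logging whether the value returned by getAuthPassword() is empty (never the value itself) separates this kind of lookup error from a real mismatch.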