Support the ongoing development of Laravel.io →
serdiev
posted 10 years ago
Authentication Security Database
Last updated 2 years ago.
0
dieter91
replied 10 years ago

It is normal that the hash is different each time. If you login you don't have to hash the password again.

Last updated 2 years ago.
0
serdiev
replied 10 years ago

I don't understand you. How can that be 'normal'. Isn't the whole reason about using a hash is that I save my password as a hash in my database instead of saving the real password, so that I can later hash the password I enter and compare it with the hash in the database?

Last updated 2 years ago.
0
torchsk
replied 10 years ago

It is normal. Laravel uses Bcrypt which uses random salts. The Hash process is one-way only, but Bcrypt will "unhash" it correctly to know if the passwords match :)

Last updated 2 years ago.
0
stolz
replied 10 years ago

As already stated, the passwords are automatically salted with a random salt each new rehash.

You have a mistake in your code. You are rehasing password without checking if it's been hashed already. Try with

if(Hash::needsRehash($this->password))
	$this->password = Hash::make($this->password);
Last updated 2 years ago.
0
serdiev
replied 10 years ago

Okay.

if(Hash::needsRehash($this->password))
    $this->password = Hash::make($this->password);

This gives me an error, I only put in the hash when I create the account, I maybe didn't explain it enough.

It looks like this:

//Register a user;
	public function create()
	{
		if(Auth::check()) return Redirect::to('youraccount');
		
		$input = Input::all();
		$validation = Validator::make($input,User::$rules);
				
		if ( $validation->fails() ) {
			return Redirect::back()->withInput()->withErrors($validation->messages());			
		}else{
			$user = new User;
			$user->username = $input['username'];
			$user->fullname = $input['fullname'];
			$user->email = $input['email'];			
			$user->password = Hash::make($input['password']);
			$user->save();
			return View::make('youraccount')->with('input',$input);
		}
	}

	//Login a user:
	public function store()
	{		
		if(Auth::check()) return Redirect::to('youraccount');
		$authinput = Input::all();
		
		if (Auth::attempt(array('username' => $authinput['username'],'password' => $authinput['password'])))
		{
			return View::make('youraccount');			
		}		
		return Redirect::to('login')->with('message','Hmm, that probably was not the correct password');
		
	}

I only hash the password to save it when I create the account. I don't call the create() function again after that, so I never 'update' the hash in the database. If Auth::attempt is supposed to take care of everything else I am not sure what is wrong.

Last updated 2 years ago.
0
serdiev
replied 10 years ago
Solution

Okay I solved it, I feel so stupid now.

public function getAuthPassword() {
				return $this->password;
	}

Was wrong, since my password is defined as 'Password' with a big 'P' in mysql database.

public function getAuthPassword() {
				return $this->Password;
	}

Thanks for help though guys!

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

Serdiev serdiev Joined 14 Jun 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
BairesDev
Dotcom-monitor
N-iX

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X (Twitter) GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise