Support the ongoing development of Laravel.io →
Authentication Security Database
Last updated 2 years ago.
0

It is normal that the hash is different each time. If you login you don't have to hash the password again.

Last updated 2 years ago.
0

I don't understand you. How can that be 'normal'. Isn't the whole reason about using a hash is that I save my password as a hash in my database instead of saving the real password, so that I can later hash the password I enter and compare it with the hash in the database?

Last updated 2 years ago.
0

It is normal. Laravel uses Bcrypt which uses random salts. The Hash process is one-way only, but Bcrypt will "unhash" it correctly to know if the passwords match :)

Last updated 2 years ago.
0

As already stated, the passwords are automatically salted with a random salt each new rehash.

You have a mistake in your code. You are rehasing password without checking if it's been hashed already. Try with

if(Hash::needsRehash($this->password))
	$this->password = Hash::make($this->password);
Last updated 2 years ago.
0

Okay.

if(Hash::needsRehash($this->password))
    $this->password = Hash::make($this->password);

This gives me an error, I only put in the hash when I create the account, I maybe didn't explain it enough.

It looks like this:

//Register a user;
	public function create()
	{
		if(Auth::check()) return Redirect::to('youraccount');
		
		$input = Input::all();
		$validation = Validator::make($input,User::$rules);
				
		if ( $validation->fails() ) {
			return Redirect::back()->withInput()->withErrors($validation->messages());			
		}else{
			$user = new User;
			$user->username = $input['username'];
			$user->fullname = $input['fullname'];
			$user->email = $input['email'];			
			$user->password = Hash::make($input['password']);
			$user->save();
			return View::make('youraccount')->with('input',$input);
		}
	}

	//Login a user:
	public function store()
	{		
		if(Auth::check()) return Redirect::to('youraccount');
		$authinput = Input::all();
		
		if (Auth::attempt(array('username' => $authinput['username'],'password' => $authinput['password'])))
		{
			return View::make('youraccount');			
		}		
		return Redirect::to('login')->with('message','Hmm, that probably was not the correct password');
		
	}

I only hash the password to save it when I create the account. I don't call the create() function again after that, so I never 'update' the hash in the database. If Auth::attempt is supposed to take care of everything else I am not sure what is wrong.

Last updated 2 years ago.
0

Okay I solved it, I feel so stupid now.

public function getAuthPassword() {
				return $this->password;
	}

Was wrong, since my password is defined as 'Password' with a big 'P' in mysql database.

public function getAuthPassword() {
				return $this->Password;
	}

Thanks for help though guys!

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

Serdiev serdiev Joined 14 Jun 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.