Afaik, user model will automatically hash field named "password". I think this is a bad idea because if you're not inputting your own array to model, user can create additional input and input his field into database without knowing.
Stol3x said:
Afaik, user model will automatically hash field named "password". I think this is a bad idea because if you're not inputting your own array to model, user can create additional input and input his field into database without knowing.
Mine didn't... really weird.
When I create a user the stored password is not hashed.
Stol3x said:
Afaik, user model will automatically hash field named "password". I think this is a bad idea because if you're not inputting your own array to model, user can create additional input and input his field into database without knowing.
Also, isn't the $fillable array the fix for that mass-assignment vulnerability?
Stol3x said:
Afaik, user model will automatically hash field named "password". I think this is a bad idea because if you're not inputting your own array to model, user can create additional input and input his field into database without knowing.
I don't think so. Laravel/Eloquent doesn't hash 'password' fields automatically. You can set a mutator for 'password' in your User model though.
Remove the confirmation field from your $fillable array. This will prevent the saving of the confirmation field to database.
protected $fillable = ['username', 'email', 'password'];
Btw: I also use a Mutator for the password. It looks like this:
public function setPasswordAttribute($value)
{
    $this->attributes['password'] = Hash::make($value);
}
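The two points raised in this thread (the `$fillable` whitelist dropping unexpected form fields, and a password mutator hashing on assignment) shown together as an added example that is not part of the original thread and is not Laravel's code. It assumes a hypothetical `MiniModel` class that mimics only those two Eloquent conventions, PHP's `password_hash()` standing in for `Hash::make()`, and a constructed `is_admin` field as the extra input.

```php
<?php
// Simplified stand-in for an Eloquent model (NOT Laravel's code): it mimics
// only the $fillable whitelist and the set<Field>Attribute mutator convention.
class MiniModel
{
    protected $fillable = [];
    protected $attributes = [];

    // Mass assignment: copy only whitelisted keys, routing each through a mutator if one exists.
    public function fill(array $input)
    {
        foreach ($input as $key => $value) {
            if (!in_array($key, $this->fillable, true)) {
                continue; // not whitelisted: dropped, never reaches storage
            }
            $mutator = 'set' . ucfirst($key) . 'Attribute';
            if (method_exists($this, $mutator)) {
                $this->$mutator($value);
            } else {
                $this->attributes[$key] = $value;
            }
        }
        return $this;
    }

    public function toArray()
    {
        return $this->attributes;
    }
}

class User extends MiniModel
{
    protected $fillable = ['username', 'email', 'password'];

    public function setPasswordAttribute($value)
    {
        // password_hash() stands in for Laravel's Hash::make() (assumption)
        $this->attributes['password'] = password_hash($value, PASSWORD_BCRYPT);
    }
}

// Constructed request data: the last two fields are not in $fillable.
$input = [
    'username' => 'alice', 'email' => 'alice@example.test', 'password' => 'correct horse',
    'password_confirmation' => 'correct horse', 'is_admin' => 1,
];
$user = (new User)->fill($input);
// Shows which keys survived fill() and whether the stored value verifies as a hash.
var_dump(array_keys($user->toArray()), password_verify('correct horse', $user->toArray()['password']));
```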