Support the ongoing development of Laravel.io →
Input Eloquent Validation
Last updated 2 years ago.
0

Afaik, user model will automatically hash field named "password". I think this is a bad idea because if you're not inputing your own array to model, user can create additional input and input his field into database without knowing.

Last updated 2 years ago.
0

Stol3x said:

Afaik, user model will automatically hash field named "password". I think this is a bad idea because if you're not inputing your own array to model, user can create additional input and input his field into database without knowing.

Mine didn't... really weird.

When I create a user the stored password is not hashed.

Last updated 2 years ago.
0

Stol3x said:

Afaik, user model will automatically hash field named "password". I think this is a bad idea because if you're not inputing your own array to model, user can create additional input and input his field into database without knowing.

Also, isn't the $fillable array is the fix for that mass-assignment vulnerability.

Last updated 2 years ago.
0

Stol3x said:

Afaik, user model will automatically hash field named "password". I think this is a bad idea because if you're not inputing your own array to model, user can create additional input and input his field into database without knowing.

I don't think so. Laravel/Eloquent doesn't hash 'password' fields automatically. You can set a mutator for 'password' in your User model though.

Last updated 2 years ago.
0

Remove the confirmation field from your $fillable array. This will prevent the saving of the confirmation field to database.

protected $fillable = ['username', 'email', 'password'];

Btw: I also use a Mutator for the password. It looks like this:

public function setPasswordAttribute($value)
{
	$this->attributes['password'] = Hash::make($value);
}
Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.