9

Can you help me with this? I am building my own login form using Laravel. But I have a problem, because I stored my password using the Hash method and in my login form I used the hash method again to compare. But I found out that the hash value is always changing.

Here's my code in routes:

Route::post('/admin_handle_login', function()
{

    $rules = array(
        'admin_username'    =>  'required',
        'admin_password'    =>  'required'
    );

    $validate_admin_login = Validator::make(Input::all(), $rules);

    if($validate_admin_login->fails()) {

        $messages = $validate_admin_login->messages();

        Session::flash('warning_notification','Error: Incomplete details!');

        return Redirect::to('/flaxadmin')
                            ->withErrors($messages)
                            ->withInput(Input::except('admin_password'));

    } else {

        $d = array(
            Input::get('admin_username'), Hash::make(Input::get('admin_password'))
        );

        $validate_admin = DB::table('administrators')
                            ->select('username')
                            ->where('username', Input::get('admin_username'))
                            ->where('password', Hash::check('password', Input::get('admin_password')))
                            ->count();
        fp($d);
        fp($validate_admin);

    }

});

The result is

Array
(
    [0] => admin002
    [1] => $2y$10$RTwKHN9W1/unu1ZhYlNjauApJjjoNTBnE6td/AZ5jWgZEdqVav0um
)
0

In my database the password of admin002 is

$2y$10$47sSXLzh/YXN6Rf2fmljYO7lZaxfhXVSUTp5bssR2gYQ6Nw9luUH2

Is my code wrong? Or is there a proper way to do this? I am a beginner in Laravel.

2
  • What you will have to do is find all users in the database with this username. Then you will have to check the password for each of the accounts. Commented Oct 30, 2014 at 8:31
  • I know that. But I used the hash function and it is always changing whenever the page is reloaded or refreshed. So if I use 123 as a password and in my database it is 123 also, they have different hash values. That's why I can't get the exact value. Commented Oct 30, 2014 at 8:38

4 Answers

21

First, you cannot do it this way. Assuming username is unique, you should do:

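// Look the row up by username only; the password column must be selected
// because Hash::check below reads $validate_admin->password.
$validate_admin = DB::table('administrators')
                            ->select('username', 'password')
                            ->where('username', Input::get('admin_username'))
                            ->first();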

if ($validate_admin && Hash::check(Input::get('admin_password'), $validate_admin->password)) {
  // here you know data is valid
}

However, you should think about using built-in methods rather than coding it yourself. You have Auth::attempt or Auth::validate if you want to login/check only user with password, so there's really no need to code it yourself.


4 Comments

What'll happen if no user exists?
@DanielGelling I've added $validate_admin && at the beginning of if statement
Ok I already used the model USER but I don't know how to change or overwrite the table inside the model USER. What I know is the Auth::validate is using the User model class. I used this in my customer account and it is working so I decided to create another login for my admin account
@Jerielle So you could probably look also at stackoverflow.com/questions/18785754/…
4

Here you're checking the string 'password' with the hashed version of the input password.

So try fetching the user by their username and if you've a result you can compare the hashed version of the password, stored in the database, with the input password. Like so:

$user = DB::table('administrators')
        ->select('username', 'password')
        ->where('username', Input::get('admin_username'));

if($user->count()) {
    $user = $user->first();
    if(Hash::check(Input::get('admin_password'), $user->password)) {
         //User has provided valid credentials :)
    }
}

2 Comments

I don't know how this answer got upvotes; the IF condition is wrong, it should be Hash::check(Input::get('admin_password'),$user->password)
@ayyanarpms You are correct, there is (was) a missing bracket...
2

A slight improvement to marcin-nabiałek's answer: you can now use PHP's password_verify to achieve the same.

$user = App\User::where('email', $request->email)->first();

if($user && password_verify($request->password, $user->password)) {
   // authenticated user,
   // do something...
}
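
Why the hash in the question changes on every request, and why every answer above verifies against the stored hash instead of re-hashing the input, shown as an added example that is not part of any post. It uses PHP's native password_hash/password_verify on `$2y$10$...` bcrypt strings like those in the question; `bcrypt_parts`, `recompute_matches`, `check_login`, the sample table and the dummy-hash step for unknown usernames are assumptions of this example.

```php
<?php
// Added example: all usernames and passwords below are constructed sample data.

// Each password_hash() call draws a fresh random salt, so two hashes of the
// same password differ; comparing a new hash to the stored one cannot work.
$first  = password_hash('123', PASSWORD_BCRYPT, ['cost' => 10]);
$second = password_hash('123', PASSWORD_BCRYPT, ['cost' => 10]);

// A bcrypt string is "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest.
function bcrypt_parts(string $hash): array
{
    return [
        'cost'   => (int) substr($hash, 4, 2),
        'salt'   => substr($hash, 7, 22),
        'digest' => substr($hash, 29),
    ];
}

// Verification reuses the cost and salt embedded in the STORED hash: crypt()
// given the stored hash as its salt argument reproduces it for the right password.
function recompute_matches(string $password, string $stored): bool
{
    return hash_equals($stored, (string) crypt($password, $stored));
}

// Constructed stand-in for the administrators table: username => stored hash.
$administrators = ['admin002' => password_hash('sample-pass', PASSWORD_BCRYPT, ['cost' => 10])];
// Verified when the username is unknown, so both failure paths cost one bcrypt run.
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_BCRYPT, ['cost' => 10]);

function check_login(array $table, string $dummyHash, string $username, string $password): bool
{
    $stored = $table[$username] ?? null;
    $ok = password_verify($password, $stored ?? $dummyHash);
    return $stored !== null && $ok;
}

// Demo: hash equality, salt equality, verification of both hashes, recomputation
// with a right and a wrong password, then the three login cases.
var_dump($first === $second);
var_dump(bcrypt_parts($first)['salt'] === bcrypt_parts($second)['salt']);
var_dump(password_verify('123', $first), password_verify('123', $second));
var_dump(recompute_matches('123', $first), recompute_matches('124', $first));
var_dump(check_login($administrators, $dummyHash, 'admin002', 'sample-pass'));
var_dump(check_login($administrators, $dummyHash, 'admin002', 'wrong'));
var_dump(check_login($administrators, $dummyHash, 'nobody', 'sample-pass'));
```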


-1

This is useful code 100% Laravel 6/7/8.

if ($data = AddEmployee::where('name', $request->name)->first()) {
  // Compare the submitted password against the stored hash
  $pass = Hash::check($request->password, $data->password);
  if ($pass) {
    echo "success";
  } else {
    echo "Password Not Valid";
  }
} else {
  echo "Username Not Valid" . "<br>";
}
