3

I was using md5 to hash my passwords but learned that using bcrypt was more secure.

When using md5, it was easy to check whether a password entered in a form was correct. I simply done

if(md5($request->password) == $user->password)
   //Login or whatever

So how do I do this using bcrypt? I tried

if(bcrypt($request->password) == $user->password)

But that isn't working.

Improve this question
3
  • 2
    See password_hash() and password_verify(). Commented Apr 21, 2017 at 15:37
  • 1
    Also note, in your example, you're hashing the value from the database and comparing it to what the user typed. That's backwards -- you want to hash the value the user typed and compare it to the database. Commented Apr 21, 2017 at 15:41
  • Oh yes I see, just a typo. Edited. Commented Apr 21, 2017 at 15:51

2 Answers 2

Reset to default
4

Use the attempt() method:

if (Auth::attempt(['email' => $email, 'password' => $password]))

The attempt method accepts an array of key/value pairs as its first argument. The values in the array will be used to find the user in your database table.

https://laravel.com/docs/5.4/authentication#authenticating-users

Under the hood attempt() uses password_verify() method to check password.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You could also use the check method of the Hash Facade

if (Hash::check($request->password, $user->password)) {
    // The passwords match...
}

https://laravel.com/docs/5.4/hashing#basic-usage

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.