
I'm coding a registration for an old game; this game uses PASSWORD() for encryption. Is there a way to use that function in Laravel Eloquent?

Current form:

    public function registerPost(Request $request)
    {
        $request->validate([
            'login' => 'required|min:4|unique:account',
            'email' => 'required|email|unique:account',
            'password' => 'required|min:8',
            'repeat_password' => 'required|same:password',
        ], [], [
            'login' => 'Username',
            'password' => 'Password',
            'email' => 'E-Mail',
            'repeat_password' => 'Repeat password'
        ]);

        $data = $request->all();

        if (Account::create($data)) {
            return Redirect::to("/registration")->withErrors(['success' => 'Account created']);
        }

        return Redirect::to("/registration")->withErrors(['message' => 'Account creation failed']);
    }
1
  • You mean you want to encrypt the password? Commented Jan 19, 2020 at 15:12

2 Answers

1

You have to manually make your query to achieve your goal, like below:

DB::statement('insert query here');

Why not use the hash method for encryption? It's easy to use and very secure.

Step 1: import the code below

use Illuminate\Support\Facades\Hash;

Step 2: then you can use the hash method like this

'password' => Hash::make($data['password']),

Please see the docs here: source

4 Comments

As I said, it's for an old game and we can't change how the password is encrypted. Otherwise I would of course use the hash method.
Then you have to manually write your query to achieve this one. DB::statement('insert query here');
Okay, thank you :) Now I know that, I just wasn't aware if there was a method for Eloquent.
I updated my answer, hope you upvote since you got an idea on it.
1

I recommend you do NOT use the MySQL PASSWORD() function. Read the documentation. It says:

PASSWORD() is used by the authentication system in MySQL Server; you should not use it in your own applications.

This function is officially deprecated in MySQL 5.7.6, and by MySQL 8.0.11, the PASSWORD() function has been removed. You can't upgrade to the current version of MySQL if you depend on the PASSWORD() function.

It's a bad idea to use any function in SQL to hash passwords, because if you do that, the plaintext passwords (that is, before hashing) will appear in your query logs and statement-based binary logs. That's a security weakness in your app that any auditor would demand you change.

Instead, the better way to do password hashing in PHP is to use password_hash() when storing the password, and password_verify() when a login needs to check input against the stored password.

If you're using Laravel, look into using the Hash class: https://laravel.com/docs/6.x/hashing


Regarding your comment on another answer:

As I said, it's for an old game and we can't change how the password is encrypted. Otherwise I would of course use the hash method.

You need to fix this, or retire the game. It's not secure.

You can change how an app stores passwords. I've done it in some apps I've written. You can't reverse hashing, so you can't convert existing passwords to the new format, but the way to do it is to develop code to handle both cases. The code should work in the following way:

  1. Add a new column in your accounts table to store the new password-hash format.
  2. When a user logs in, check the user's input against the old password hash, as you would normally. That is, hash the user's input and compare the result to what's stored in the database.
  3. If the hash of the user's input matches the hash, then UPDATE the database: store the new-format hash in the new password column, and assign NULL to the old password column.
  4. Change the login code so it fetches both columns, and if the old password column is NULL, then hash the user input with the new method and compare that to the new password column.

Gradually, as each user logs in, their passwords will be "upgraded." Once they are all upgraded, drop the old password column and simplify your login code to remove the old hashing method.

It's possible that there will be some straggler users who never log in for weeks or months. Don't wait for them. When all the regular users have converted their passwords, just drop the old passwords. The straggler users will have to do password recovery if they ever come back.
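The four migration steps above, sketched in plain PHP as an added example (not code from the answer). The column names `password` and `password_new` are hypothetical, and the legacy hash is assumed to be the MySQL 4.1+ PASSWORD() format, computed in PHP so the plaintext is never sent to the database.

```php
<?php
// Added example: column names `password` / `password_new` are hypothetical.

// Legacy format of MySQL PASSWORD() (4.1+ hashes): '*' + uppercase hex of
// SHA1(SHA1(pw)). Computed in PHP so the plaintext never appears in a SQL
// statement, query log or statement-based binary log.
function legacyMysqlHash(string $plain): string
{
    return '*' . strtoupper(sha1(sha1($plain, true)));
}

// $account stands in for one row of the accounts table; a real app would
// load it by login and persist the changed columns with an UPDATE.
function login(array &$account, string $plain): bool
{
    // Step 4: old column is NULL, so the account is already upgraded.
    if ($account['password'] === null) {
        return is_string($account['password_new'])
            && password_verify($plain, $account['password_new']);
    }

    // Step 2: check the input against the old hash (constant-time compare).
    if (!hash_equals($account['password'], legacyMysqlHash($plain))) {
        return false;
    }

    // Step 3: store the new-format hash and assign NULL to the old column.
    $account['password_new'] = password_hash($plain, PASSWORD_DEFAULT);
    $account['password'] = null;
    return true;
}

// Constructed sample row: a legacy account whose password is "hunter2-old".
$account = [
    'login'        => 'player1',
    'password'     => legacyMysqlHash('hunter2-old'),
    'password_new' => null,
];

var_dump(login($account, 'wrong-guess'));  // legacy check fails, row untouched
var_dump(login($account, 'hunter2-old'));  // legacy check passes, row upgraded
var_dump($account['password'] === null);   // old hash has been cleared
var_dump(login($account, 'hunter2-old'));  // verified via password_verify()
```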

4 Comments

I have added more to my answer.
The game is not run by myself; I just make the registration for that. I recommended the owner of that game server the same as you did. But he just doesn't want to change it.
But I'm really thankful for your answer :) Good to know that people are aware of security and take their time to tell others.
Ok, hopefully my answer will help someone else who has a similar problem.
