How to compare Laravel's hash password using a custom login form?
Solution 1
First, you cannot do it this way. Assuming username is unique, you should do:
$validate_admin = DB::table('administrators')
->select('username')
->where('username', Input::get('admin_username'))
->first();
if ($validate_admin && Hash::check(Input::get('admin_password'), $validate_admin->password)) {
// here you know data is valid
}
However you should think about rather using built-in methods than coding it yourself. You have Auth::attempt or Auth::validate if you want to login/check only user with password so there's really no need to code it yourself.
Solution 2
Here you're checking the string 'password' with the hashed version of the input password.
So try fetching the user by their username and if you've a result you can compare the hashed version of the password, stored in the database, with the input password. Like so:
$user = DB::table('administrators')
->select('username', 'password')
->where('username', Input::get('admin_username');
if($user->count()) {
$user = $user->first();
if(Hash::check(Input::get('admin_password'), $user->password)) {
//User has provided valid credentials :)
}
}
Solution 3
A slight improvement to marcin-nabiałek's answer, you can now use PHP's password_verify to achieve the same
$user = App\User::where('email', $request->email)->first();
if($user && password_verify($request->password, $user->password)) {
// authenticated user,
// do something...
}
Comments
-
Jerielle almost 2 years
Can you help me with this? I am building my own login form using Laravel. But I have a problem because I stored my password using Hash method and in my login form I used hash method again to compare. But I found out that the hash value is always changing.
Here's my code in routes:
Route::post('/admin_handle_login', function() { $rules = array( 'admin_username' => 'required', 'admin_password' => 'required' ); $validate_admin_login = Validator::make(Input::all(), $rules); if($validate_admin_login->fails()) { $messages = $validate_admin_login->messages(); Session::flash('warning_notification','Error: Incomplete details!'); return Redirect::to('/flaxadmin') ->withErrors($messages) ->withInput(Input::except('admin_password')); } else { $d = array( Input::get('admin_username'), Hash::make(Input::get('admin_password')) ); $validate_admin = DB::table('administrators') ->select('username') ->where('username', Input::get('admin_username')) ->where('password', Hash::check('password', Input::get('admin_password'))) ->count(); fp($d); fp($validate_admin); } });The result is
Array ( [0] => admin002 [1] => $2y$10$RTwKHN9W1/unu1ZhYlNjauApJjjoNTBnE6td/AZ5jWgZEdqVav0um ) 0In my database the password of admin002 is
$2y$10$47sSXLzh/YXN6Rf2fmljYO7lZaxfhXVSUTp5bssR2gYQ6Nw9luUH2Is my code wrong? Or are there any proper way to do this? I am a begiiner in Laravel..
-
Daniel Gelling over 9 yearsWhat'll happen if no user exists?
-
Marcin Nabiałek over 9 years@DanielGelling I've added$validate_admin &&at the beginning of if statement -
Jerielle over 9 yearsOk I already used the model USER but I don't know how to change or overwrite the table inside the model USER. What I know is the Auth::validate is using the User model class. I used this in my customer account and it is working so I decided to create another login for my admin account
-
Marcin Nabiałek over 9 years@Jerielle So you could probably look also at stackoverflow.com/questions/18785754/…
-
ayyanar pms over 4 yearsi don't know how this answer got up votes, IF condition is wrong, it should be Hash::check(Input::get('admin_password'),$user->password)
-
Daniel Gelling over 4 years@ayyanarpms You are correct, there is (was) a missing bracket...
