Is there a way I can create the user with the hashed password, not plain password?
public function post(StoreUserRequest $request) {
User::create($request->validated());
return redirect()->route('frontend.login')->with('message', 'Your account has been created!');
}
See the hashing docs here https://laravel.com/docs/5.8/hashing
You may hash a password by calling the make method on the Hash facade
public function post(StoreUserRequest $request)
{
$userData = $request->validated();
$userData['password'] = Hash::make($request->input['password']);
User::create($userData);
return redirect()->route('frontend.login')->with('message', 'Your account has been created!');
}
What are you using to Hash your password? But also you can, because a hash in just a string. Your field password in DB, probably is a string too. You can use Laravel Auth too. This provide a full authentication system with one line on terminal
php artisan make:auth
Related
I want to change the default auth fields name in Laravel 5.6, it looks like to work for the username but not for the password.
I looked this questions How to change / Custom password field name for Laravel 4 and Laravel 5 user authentication and the Sample data to test works but not in my login form.
username is useUsername
password is usePassword
On my login form, I tested to kind of data
When I try to log with a user with the password hash in db, I get These credentials do not match our records.
When I log with a user without password hash in db, I get an issue Undefined index: password in the vendor/laravel/framework/src/Illuminate/Auth/EloquentUserProvider.php-> validateCredentials(UserContract $user, array $credentials)
what I changed in the loginController.php
protected function validateLogin(Request $request)
{
$this->validate($request, [
$this->username() => 'required',
'usePassword' => 'required',
]);
}
public function username()
{
return 'useUsername';
}
protected function credentials(Request $request)
{
return $request->only($this->username(), 'usePassword');
}
In Users.php
protected $table = 't_user';
public function getAuthPassword()
{
return $this->usePassword;
}
I hope you could help me to solve this issue, I don't really understand why I get these different error with hash or not hash and how I could solve it.
MYT.
I thing you can use a Hashing Password by Using Bcrypt in Laravel.
like
$password = Hash::make('yourpassword');
Basically, you'll do it when creating/registering a new user
then hash password will be store into database.
when you log in then you can remember your password otherwise it will give you error ...
if you forgot your hash password then you can bcrypt password by using this one
$password = bcrypt('admin');
I hope this will help you...
for more information of Hashing you can visit
Hashing in laravel
I solved my problem by doing a custom AuthController. It was easiest for what I wanted to do.
I'm trying to add authentication to an existing application for a company that has a table that stores its users with plain-text password. In Laravel, I know that I can use Auth::attempt() in order to authenticate a user, but the password is checked against a hashed password. How to I go about checking a plain-text password instead?
Just check the password and login user manually with the loginUsingId() method:
if ($user->password === $request->password) {
auth()->loginUsingId($user->id);
}
I'd also recommend you to hash all the passwords. Storing plain text passwords is a terrible thing to do. Do something like this just once (in Tinker, for example):
$users = User::all();
foreach ($users as $user) {
$user->update(['password' => bcrypt($user->password)]);
}
What type of hashing algorithm is used by default for passwords in Laravel. If we want to change the password in the database then how can we identify the hash type of the password?
According to Laravel Documentation :
The Laravel Hash facade provides secure Bcrypt hashing for storing
user passwords. If you are using the AuthController controller that is
included with your Laravel application, it will be take care of
verifying the Bcrypt password against the un-hashed version provided
by the user.
Likewise, the user Registrar service that ships with Laravel makes the
proper bcrypt function call to hash stored passwords.
Hashing A Password Using Bcrypt
$password = Hash::make('secret');
You may also use the bcrypt helper function:
$password = bcrypt('secret');
Verifying A Password Against A Hash
if (Hash::check('secret', $hashedPassword))
{
// The passwords match...
}
Checking If A Password Needs To Be Rehashed
if (Hash::needsRehash($hashed))
{
$hashed = Hash::make('secret');
}
You can also use laravel/tinker to update/create/delete/etc data in the DB table from console, for example:
php artisan tinker
>>$user = App\Models\User::find(2);// or User::find(2)find user with id 2
>>$user->password = bcrypt('test83403'); //change password
>>$user->save(); //save the new change
I am using in-built Registration and Login code in Laravel 5.1
What I am doing ?
I did the registration and credentials are being saved successfully.
What's the problem ?
When I try to do the login, it says "These credentials do not match our records."
In postLogin Method , I saw the code : $credentials = $this->getCredentials($request); and when I printed values in $credentials and found that the Password value is plain text.
May be that's the reason the below line when executes always says User not found
if (Auth::attempt($credentials, $request->has('remember'))) {
Please suggest me the path
You should use bcrypt to encrypt the user password.
$user = new App\User;
$user->email = 'test#test.com';
$user->password = bcrypt('plain-text-password');
$user->save();
The Hash::check method allows you to verify that a given plain-text
string corresponds to a given hash.
if (Hash::check('plain-text-password', $hashedPassword)) {
// The passwords match...
}
I made many changes in the Framework. Those changes were like adding new columns in the User Table and code changes. Also changed from password to Password. Then I realized that at Authenticatable class under getAuthPassword function, it had to be Password and not password
So, I'm switching over to laravel for my site. My old site currently holds around 500 users. Each user has a md5 hash attached to them, as the password (duh ^^).
As I'm switching over to laravel, I wish to use the Auth::attempt
unfortunately it uses its own method to hash password strings. I don't want all my users to change their password, because I'm switching to laravel, is it possible to make the Auth class use md5 instead, so my users don't have to switch password? :)
If yes, can someone show me how?
MD5 is horribly outdated. I recommend that you don't try to keep it.
Instead, when a user first logs in, and Auth::attempt fails, you should then try to compare their password to the database as MD5
$user = User::where('username', '=', Input::get('username'))->first();
if(isset($user)) {
if($user->password == md5(Input::get('password'))) { // If their password is still MD5
$user->password = Hash::make(Input::get('password')); // Convert to new format
$user->save();
Auth::login(Input::get('username'));
}
}
Don't use md5 for password hashing. Even the php manual warns against it: "Warning It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm.".But in your case you can use the below snippet in your project
$user = User::where([
'login_id' => $request->login_id,
'password' => md5($request->password)
])->first();
if ($user) {
Auth::login($user);
return redirect()->intended('home')->withSuccess('User Signed in');
}