Question
I have a profile form so that users can edit their own profiles. In this form I have a current password field, which must match the one saved in the database.
Form:
{{ Form::password('currPassword', array('id'=>'currPassword')) }}
I want to have this function in the controller to check this against the database.
$data = User::find($id);
if( ! Hash::check( $data->password , Input::get('currPassword') ) )
{
    return Redirect::to('/admin/profile')
        ->with('message', 'Current Password Error !')
        ->withInput();
}
The hashed 123456 password in the database is OK, and after putting 123456 in currPassword it must return TRUE, but it always returns FALSE.
Answer 1:
You're using the wrong argument order. It's Hash::check($input, $hash), not the other way around.
Short tinker example:
[1] > $pw = 123456;
// 123456
[2] > $hashed = Hash::make($pw);
// '$2y$10$xSugoyKv765TY8DsERJ2/.mPIOwLNdM5Iw1n3x1XNVymBlHNG4cX6'
[3] > Hash::check($hashed, $pw);
// false
[4] > Hash::check($pw, $hashed);
// true
Answer 2:
Hash::check() has two parameters: the first one is the plain password and the other is the hashed password. If the password matches the hash, it will return true.
Hash::check(normal_password,hashed_password);
Example:
Hash::check('123456a','$2y$10$.XB30GO4jn7bx7EauLrWkugIaCNGxiQCgrFTeFDeSSrGdQYd6Rneq');
Answer 3:
Though the above answers are valid for the question provided, I'm adding more explanation to give more detailed insight.
Verifying A Password Against A Hash
The check method allows you to verify that a given plain-text string corresponds to a given hash. However, if you are using the LoginController included with Laravel, you will probably not need to use this directly, as this controller automatically calls this method:
if (Hash::check('plain-text', $hashedPassword)) {
    // The passwords match...
}
The check() method is declared in HasherInterface.
This method checks the given plain value against a hash.
bool check(string $value, string $hashedValue, array $options = array())
Check the given plain value against a hash.
Parameters
string $value
string $hashedValue
array $options
Return Value
bool
For your example:
$data = User::find($id);
if( ! Hash::check(Input::get('currPassword') , $data->password ) )
{
    return Redirect::to('/admin/profile')
        ->with('message', 'Current Password Error !')
        ->withInput();
}
Answer 4:
I had the same issue and solved it like this:
I found that I was using the Hash::make function in my RegistrationService class and, more importantly, that I had already used the setPasswordAttribute function in my User model, which was quickly forgotten:
class User extends Model implements AuthenticatableContract, AuthorizableContract
{
    ...
    /**
     * @param $value
     */
    public function setPasswordAttribute($value)
    {
        $this->attributes['password'] = Hash::make($value);
    }
}
So the password was double hashed, and of course every Hash::check call was incorrect and returned false.
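The two failure modes from the answers above (swapped arguments, and hashing a value that is already a hash), as an added example that is not part of any answer or of Laravel's own code. It uses PHP's native password_hash()/password_verify(), which Laravel's bcrypt hasher calls; looksHashed(), hashPassword() and checkPassword() are hypothetical helper names, and the sample password is constructed.

```php
<?php
// Hypothetical helper: true when $value parses as a known password hash format.
function looksHashed(string $value): bool
{
    return password_get_info($value)['algoName'] !== 'unknown';
}

// Hypothetical helper: the single place that hashes. It fails closed on input
// that is already a hash, so a model mutator plus a service cannot hash twice.
function hashPassword(string $plain): string
{
    if (looksHashed($plain)) {
        throw new LogicException('Value is already hashed; refusing to hash twice.');
    }
    return password_hash($plain, PASSWORD_BCRYPT);
}

// Hypothetical helper: plain text first, hash second; a swapped call is rejected.
function checkPassword(string $plain, string $stored): bool
{
    if (looksHashed($plain) && !looksHashed($stored)) {
        throw new InvalidArgumentException('Arguments swapped: expected (plain, hash).');
    }
    return password_verify($plain, $stored);
}

$plain  = '123456';                 // constructed sample input
$stored = hashPassword($plain);

var_dump(password_verify($stored, $plain));  // swapped order, as in the question
var_dump(checkPassword($plain, $stored));    // correct order
var_dump(password_verify($plain, password_hash($stored, PASSWORD_BCRYPT))); // hash of a hash, as in answer 4

try {
    hashPassword($stored);          // second hashing attempt is refused
} catch (LogicException $e) {
    echo $e->getMessage(), PHP_EOL;
}
try {
    checkPassword($stored, $plain); // swapped call raises instead of returning false
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```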
Source: https://stackoverflow.com/questions/21495502/laravel-hashcheck-always-return-false