0

Good day,

I am creating a program where all I need for credentials is the password. 

$password = Input::get('password'); //eg: admin

and when I try to compare it with value on database which is hashed already.

$user = DB::table('users_table')->where('password',$password)->get(); 
//eg: hashed value for admin is '$10$zYy1fGLPh/eI/sj8YmkN8.sTTkD4k9t/gwrkgGWOIufHvRYhKwTay'.

I cant get any successful filter with it. Do I need special functions for this? thanks for the help.

Improve this question
1
  • How do you hash $password? Commented Dec 2, 2015 at 12:54

5 Answers 5

Reset to default
3

If you're using Laravel's built in Hash::make() you won't be able to do it the way you're trying.

What happens when you Hash a password (using Laravel's Hash or PHP's password_hash()) is that you get a unique hash every time.

You should really require a user name, then fetch the password hash from that record and check it with Hash::check(). Otherwise you will need to fetch all passwords from the database, iterate through them and check each. Depending on the "cost" in the hashing algorithm, this could be an expensive operation if you have many users.

Now I don't know if you have multiple users in your table, but if you do, what happens if they have the same password?

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

thank you sir @magnus Eriksson for the insight.. I also thought your correct, because every time I refresh the browser the hash value is changing as well... I guess that what I am trying to do is kinda undoable xD
Unfortunately yes. When you have multiple users, you should always have a username (or any other identifier like email etc...). A password is not for identifying which user it is, it's only for checking that the user is who he/she claims to be.
1

It seems you're trying to compare plain $password, instead try to hash it, then do the compare, e.g.

DB::table('users_table')->where('password', some_hash_function($password))->get()
Improve this answer

Comments

1

If the password on your database is hashed, then you will need to hash the password that the user enters using the same mechamism that you used when you stored the hashed password on the database, before you use it as a search criteria. Otherwise of course, it will not match the value on the database, even if it is the correct, unhashed value.

$password = Input::get('password'); //eg: admin
$password = your_hash_function($password);


$user = DB::table('users_table')->where('password',$password)->get();
Improve this answer

4 Comments

Thank you sir for the idea.. I tried to use ` $password = Hash::make('admin')` then compare it with the hashed value on the db, but it doesnt give me a true result. I also tried echoing ` $password = Hash::make('admin');` but every time I refresh the browser the value changes xD
Use Hash::make($password) as it is the user entered password that you want to make a hash out of, not some arbitrary string like 'admin'
Since Hash::make() will give you a unique hash every time you use it, it will never match the hash stored in the database so this won't work.
@MagnusEriksson Thanks for that, Not a Laravel expert, original answer was generic so I have returned it to a generic
0

you can use Hash check 

Hash::check('password', $password);
Improve this answer

Comments

0

what is the method you used to hash the password ? then you have to compare the password in your database with the same hash method for the password got from the Input

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.