[英]Laravel Hash::check() always return false
I have profile form for user can edit own profiles.我有用户的个人资料表格,可以编辑自己的个人资料。 in this form I have current password.
在这种形式中,我有当前密码。 that must be match from seved into database.
必须从 seved 匹配到数据库。
Form:形式:
{{ Form::password('currPassword', array('id'=>'currPassword')) }}
i want to have this function in Controller to check this with database.我想在控制器中有这个功能来检查数据库。
$data = User::find($id);
if( ! Hash::check( $data->password , Input::get('currPassword') ) )
{
return Redirect::to('/admin/profile')
->with('message', 'Current Password Error !')
->withInput();
}
hashed 123456
password into database is ok and after putting 123456
in currPassword
that must be return TRUE
but that return FALSE
always.将
123456
密码散列到数据库中是可以的,在将123456
放入currPassword
,必须返回TRUE
但始终返回FALSE
。
You're using the wrong argument order.您使用了错误的参数顺序。 It's
Hash::check($input, $hash)
, not the other way around.它是
Hash::check($input, $hash)
,而不是相反。
Short tinker example:短修补程序示例:
[1] > $pw = 123456;
// 123456
[2] > $hashed = Hash::make($pw);
// '$2y$10$xSugoyKv765TY8DsERJ2/.mPIOwLNdM5Iw1n3x1XNVymBlHNG4cX6'
[3] > Hash::check($hashed, $pw);
// false
[4] > Hash::check($pw, $hashed);
// true
Hash::check() has two parameters first one is plane password and another is hashed password.
Hash::check() 有两个参数,一个是平面密码,另一个是散列密码。 If password matched with hash it will return true.
如果密码与哈希匹配,它将返回 true。
Hash::check(normal_password,hashed_password);
Example :例子 :
Hash::check('123456a','$2y$10$.XB30GO4jn7bx7EauLrWkugIaCNGxiQCgrFTeFDeSSrGdQYd6Rneq');
I had the same issue and solved it like this:我遇到了同样的问题并像这样解决了它:
I found that I was using the Hash::make function in my RegistrationService class and more important that I had already used the setPasswordAttribute function in my User model which were quickly forgotten:我发现我在我的 RegistrationService 类中使用了 Hash::make 函数,更重要的是我已经在我的User 模型中使用了setPasswordAttribute函数,但很快就忘记了:
class User extends Model implements AuthenticatableContract, AuthorizableContract
{
...
/**
* @param $value
*/
public function setPasswordAttribute($value)
{
$this->attributes['password'] = Hash::make($value);
}
}
So the password was double hashed and of course every Hash::check call was incorrect and return false.所以密码是双重散列的,当然每个 Hash::check 调用都不正确并返回 false。
Though above answers are valid for the question provided, I'm adding more explanation to give details insights尽管以上答案对所提供的问题有效,但我正在添加更多解释以提供详细信息
Verifying A Password Against A Hash根据散列验证密码
The check method allows you to verify that a given plain-text string corresponds to a given hash. check 方法允许您验证给定的纯文本字符串是否对应于给定的散列。 However, if you are using the LoginController included with Laravel, you will probably not need to use this directly, as this controller automatically calls this method:
但是,如果您使用 Laravel 附带的 LoginController,您可能不需要直接使用它,因为此控制器会自动调用此方法:
if (Hash::check('plain-text', $hashedPassword)) {
// The passwords match...
}
check() method is declare in HasherInterface check() 方法在 HasherInterface 中声明
This method is to Check the given plain value against a hash.此方法是根据散列检查给定的纯值。
bool check(string $value, string $hashedValue, array $options = array())
Check the given plain value against a hash.根据散列检查给定的普通值。
Parameters参数
string $value字符串 $value
string $hashedValue字符串 $hashedValue
array $options数组 $options
Return Value返回值
bool布尔值
For your example :对于您的示例:
$data = User::find($id);
if( ! Hash::check(Input::get('currPassword') , $data->password ) )
{
return Redirect::to('/admin/profile')
->with('message', 'Current Password Error !')
->withInput();
}
I had the same issue and after spending 2 hours to work it out, I found that I was hashing the password twice before updating it.我遇到了同样的问题,在花了 2 个小时解决之后,我发现在更新密码之前我对密码进行了两次哈希处理。
1. From the PasswordResetController, 1. 从 PasswordResetController,
2. And in User model, I had this function: 2.在用户模型中,我有这个功能:
public function setPasswordAttribute($password)
{
$this->attributes['password'] = bcrypt($password);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.