Laravel Hash::check() 总是返回 false

Question

I have profile form for user can edit own profiles. in this form I have current password. that must be match from seved into database.

Form:

{{ Form::password('currPassword', array('id'=>'currPassword')) }}

i want to have this function in Controller to check this with database.

$data = User::find($id);
if( ! Hash::check( $data->password , Input::get('currPassword') ) )
{
    return Redirect::to('/admin/profile')
        ->with('message', 'Current Password Error !')
        ->withInput();
}

hashed 123456 password into database is ok and after putting 123456 in currPassword that must be return TRUE but that return FALSE always.

Answer 1

You're using the wrong argument order. It's Hash::check($input, $hash) , not the other way around.

Short tinker example:

[1] > $pw = 123456;
// 123456
[2] > $hashed = Hash::make($pw);
// '$2y$10$xSugoyKv765TY8DsERJ2/.mPIOwLNdM5Iw1n3x1XNVymBlHNG4cX6'
[3] > Hash::check($hashed, $pw);
// false
[4] > Hash::check($pw, $hashed);
// true

Answer 2

Hash::check() has two parameters first one is plane password and another is hashed password. If password matched with hash it will return true.

Hash::check(normal_password,hashed_password);

Example :

Hash::check('123456a','$2y$10$.XB30GO4jn7bx7EauLrWkugIaCNGxiQCgrFTeFDeSSrGdQYd6Rneq');

Answer 3

I had the same issue and solved it like this:

I found that I was using the Hash::make function in my RegistrationService class and more important that I had already used the setPasswordAttribute function in my User model which were quickly forgotten:

class User extends Model implements AuthenticatableContract, AuthorizableContract
{
   ...

    /**
     * @param $value
     */
    public function setPasswordAttribute($value)
    {
        $this->attributes['password'] = Hash::make($value);
    }
}

So the password was double hashed and of course every Hash::check call was incorrect and return false.

Answer 4

Though above answers are valid for the question provided, I'm adding more explanation to give details insights

Verifying A Password Against A Hash

The check method allows you to verify that a given plain-text string corresponds to a given hash. However, if you are using the LoginController included with Laravel, you will probably not need to use this directly, as this controller automatically calls this method:

if (Hash::check('plain-text', $hashedPassword)) {
    // The passwords match...
}

check() method is declare in HasherInterface

This method is to Check the given plain value against a hash.

 bool check(string $value, string $hashedValue, array $options = array())

Check the given plain value against a hash.

Parameters

string $value
string $hashedValue
array $options

Return Value

bool

For your example :

$data = User::find($id);
if( ! Hash::check(Input::get('currPassword') , $data->password  ) )
{
    return Redirect::to('/admin/profile')
        ->with('message', 'Current Password Error !')
        ->withInput();
}

Answer 5

I had the same issue and after spending 2 hours to work it out, I found that I was hashing the password twice before updating it.
1. From the PasswordResetController,
2. And in User model, I had this function:

public function setPasswordAttribute($password)
{   
    $this->attributes['password'] = bcrypt($password);
}