[英]How to get encrypted password value in laravel?
I am trying to change the password of a user for this i need to check that old password of that user does match with the value i am getting from html "oldpass" text box. 我正在尝试为此更改用户密码,我需要检查该用户的旧密码是否与从html“ oldpass”文本框中获取的值匹配。 If the existing password value and "oldpass" value matches the new password will be updated in database.The password value i am getting from the database is encrypted. 如果现有密码值和“ oldpass”值匹配,则新密码将在数据库中更新。我从数据库获取的密码值已加密。
$userpass = User::where('id', '=', Session::get('userid'))->get(array('password')); $ userpass = User :: where('id','=',Session :: get('userid'))-> get(array('password')); The problem is that $userpass returns a null value . 问题是$ userpass返回一个空值。
Here is the code: 这是代码:
$oldpass = Hash::make(Input::get('oldpass'));//Getting password from html form
$userpass = User::where('id', '=', Session::get('userid'))->get(array('password'));//Getting password value from database Users table
if ($oldpass === $userpass) {
User::where('id', '=', Session::get('userid'))
->update(array(
'password' => Hash::make(Input::get('newpass'))
));
} else {
Return View::make('changepass.changepass')
->with('errormessage', 'Password does not match');
}
There are two main problems here. 这里有两个主要问题。
On one hand, $userpass
is returning null because get()
is not the appropiate function to fecth a column. 一方面, $userpass
返回null,因为get()
不是影响列的适当函数。 You can use pluck for that (see the query builder docs ) 您可以为此使用pluck(请参阅查询构建器docs )
Anyway you can just call the attribute once you fetch the user like: 无论如何,只要像这样获取用户,就可以调用属性:
$userpass = User::find(Session::get('userid'))->password;
You are trying to compare a hashed password with a plain password. 您正在尝试将哈希密码与普通密码进行比较。 Laravel uses Guard by default to manage user Authentication and Guard uses Hash::make
to store it. Laravel默认使用Guard来管理用户身份验证,Guard使用Hash::make
来存储它。 You should compare hashes with: 您应该将散列与以下内容进行比较:
Hash::check($oldpass, $userpass)
You could also just check with Guard the user credentials are correct with Auth::validate($credentials)
(see Laravel Security ) and then change the password like: 您也可以只使用Guard来检查用户凭据是否正确,方法是使用Auth::validate($credentials)
(请参阅Laravel Security ),然后更改密码,例如:
if(Auth::validate('id' => Session::get('userid'), 'password' => Input::get('oldpass'))){
//Assuming user was authenticated before. If not use Auth::attempt instead of validate
Auth::user()->password = Hash::make(Input::get('newpass'));
} else {
Return View::make('changepass.changepass')
->with('errormessage', 'Password does not match');
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.