[英]How to compare Laravel's hash password using a custom login form?
Can you help me with this?你能帮我解决这个问题吗? I am building my own login form using Laravel.
我正在使用 Laravel 构建我自己的登录表单。 But I have a problem because I stored my password using Hash method and in my login form I used hash method again to compare.
但是我有一个问题,因为我使用哈希方法存储了我的密码,并且在我的登录表单中我再次使用了哈希方法进行比较。 But I found out that the hash value is always changing.
但是我发现哈希值总是在变化。
Here's my code in routes:这是我在路线中的代码:
Route::post('/admin_handle_login', function()
{
$rules = array(
'admin_username' => 'required',
'admin_password' => 'required'
);
$validate_admin_login = Validator::make(Input::all(), $rules);
if($validate_admin_login->fails()) {
$messages = $validate_admin_login->messages();
Session::flash('warning_notification','Error: Incomplete details!');
return Redirect::to('/flaxadmin')
->withErrors($messages)
->withInput(Input::except('admin_password'));
} else {
$d = array(
Input::get('admin_username'), Hash::make(Input::get('admin_password'))
);
$validate_admin = DB::table('administrators')
->select('username')
->where('username', Input::get('admin_username'))
->where('password', Hash::check('password', Input::get('admin_password')))
->count();
fp($d);
fp($validate_admin);
}
});
The result is结果是
Array
(
[0] => admin002
[1] => $2y$10$RTwKHN9W1/unu1ZhYlNjauApJjjoNTBnE6td/AZ5jWgZEdqVav0um
)
0
In my database the password of admin002 is在我的数据库中,admin002 的密码是
$2y$10$47sSXLzh/YXN6Rf2fmljYO7lZaxfhXVSUTp5bssR2gYQ6Nw9luUH2
Is my code wrong?我的代码错了吗? Or are there any proper way to do this?
或者有什么合适的方法可以做到这一点? I am a begiiner in Laravel..
我是 Laravel 的初学者..
First, you cannot do it this way.首先,你不能这样做。 Assuming
username
is unique, you should do:假设
username
是唯一的,你应该这样做:
$validate_admin = DB::table('administrators')
->select('username')
->where('username', Input::get('admin_username'))
->first();
if ($validate_admin && Hash::check(Input::get('admin_password'), $validate_admin->password)) {
// here you know data is valid
}
However you should think about rather using built-in methods than coding it yourself.但是,您应该考虑使用内置方法而不是自己编码。 You have
Auth::attempt
or Auth::validate
if you want to login/check only user with password so there's really no need to code it yourself.如果您只想使用密码登录/检查用户,则可以使用
Auth::attempt
或Auth::validate
,因此实际上无需自己编写代码。
Here you're checking the string 'password' with the hashed version of the input password.在这里,您使用输入密码的散列版本检查字符串 'password'。
So try fetching the user by their username and if you've a result you can compare the hashed version of the password, stored in the database, with the input password.因此,尝试通过用户名获取用户,如果您有结果,则可以将存储在数据库中的密码的散列版本与输入密码进行比较。 Like so:
像这样:
$user = DB::table('administrators')
->select('username', 'password')
->where('username', Input::get('admin_username');
if($user->count()) {
$user = $user->first();
if(Hash::check(Input::get('admin_password'), $user->password)) {
//User has provided valid credentials :)
}
}
A slight improvement to marcin-nabiałek 's answer , you can now use PHP's password_verify
to achieve the same对marcin-nabiałek的回答略有改进,您现在可以使用 PHP 的
password_verify
来实现相同的
$user = App\User::where('email', $request->email)->first();
if($user && password_verify($request->password, $user->password)) {
// authenticated user,
// do something...
}
This is useful code 100% laravel 6/7/8.这是有用的代码 100% laravel 6/7/8。
if ($data = AddEmployee::where('name', $request->name)-first()) {
$pass = Hash::check($request->password, $data->password);
if ($pass) {
echo "sucess";
} else {
echo "Password Not Valid";
}
} else {
echo "Username Not Valid" . "<br>";
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.