
Check if Password exists

I'm using Laravel 5.1. Now I want to check if a certain password is already defined in the database. Here's my database schema:

/* Accounts table */

Schema::create('accounts', function (Blueprint $table) {
      $table->increments('id');
      $table->integer('pharmacist_id')->unsigned()->index();
      $table->foreign('pharmacist_id')->references('id')->on('pharmacists')->onDelete('cascade');
      $table->string('username')->unique();
      $table->string('password', 70);
      $table->string('rights');
      $table->rememberToken();
      $table->timestamps();
});

/* Pharmacists Table */

Schema::create('pharmacists', function (Blueprint $table) {
      $table->increments('id');
      $table->integer('pharmacy_id')->unsigned()->index();
      $table->foreign('pharmacy_id')->references('id')->on('pharmacies')->onDelete('cascade');
      $table->string('fname');
      $table->string('mname');
      $table->string('lname');
      $table->date('bdate');
      $table->string('email');
      $table->string('contact');
      $table->timestamps();
});

Now what I want is to check if a certain password is already defined in a certain pharmacy_id. It looks something like this:

$accounts = Account::whereHas('pharmacist', function($query) {
                    return $query->where('pharmacy_id', Auth::user()->id);
                })->where('password', $password)->get();

But it seems that the password is only being passed as plain text and not encrypted. I also tried using these methods:

where('password', bcrypt($password))
where('password', Hash::make($password))
where('password', Crypt::encrypt($password))

But none of these work. Any solution, guys? I'm thinking of something like this, and I'm not sure if this is possible:

$is_valid = Auth::validate(array('pharmacist.pharmacy_id' => Auth::user()->id, 'password' => $value));

Because if I use the code below, I am able to check if the user has entered the valid password.

$is_valid = Auth::validate(array('id' => Auth::user()->id, 'password' => $value));

It's easy to check if the username and password match using Auth::validate, but the check I need is whether a certain pharmacist has already entered this specific password. So basically it's kind of like looping over all the accounts and checking if their password is the same as this specific password.

Here's what I have so far, but it has a problem. If a certain pharmacy has 1000+ users, then this will loop 1000x, which is not optimized and not a good solution.

$accounts = Account::whereHas('pharmacist', function($query) {
                    return $query->where('pharmacy_id', Auth::user()->id);
                })->get();


foreach($accounts as $account) {
    if (Hash::check($value, $account->password)) {
      // FOUND!!!
    }
}

To make it short

Pharmacy has many Pharmacists
Pharmacist has one account

Now I want to check if a certain Pharmacy has an account password of "certain password", so it's like I need to check all accounts belonging to a certain pharmacists and that pharmacy belongs to a certain pharmacy.

Client wants it to have 1 pharmacy and all pharmacists will use 1 account. And the only thing to identify this pharmacist is through their Password/PIN.

To put it bluntly: that's plain stupid.

A password is a secret which only the account holder knows. Nobody else is supposed to know the password. Not even the owner of the server. That's why you hash and salt passwords irretrievably to leave no trace of the plaintext password. The password is only used as a verification to prove the identity of the user.

The flow is:

  1. user claims to be "X" (identity)
  2. server asks "if you're really X, what is the secret?"
  3. user proves their identity with their secret password

What you're doing is to reduce this to just one identifier. The user just claims to be "Bob" and as long as there is a "Bob" in your database you let them pass. But additionally you're doing this in the most technically backwards and slow way possible.

This also means every user will have to have a unique password. If a user chooses a password which already exists, you'll have to reject that password, telling the user to choose a different password. That signals to the user that someone else is using this password, and that they have just guessed somebody else's password and could impersonate them.

That's why there's a distinction between the indexable, knowable, de-duplicatable id and the secret proof.

Bad idea all around.
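The behaviour discussed above, as an added example that is not part of the original question or answer: it shows why an equality lookup on a freshly computed bcrypt hash finds nothing, what the per-account loop costs, and the identity-then-secret check the answer describes. It uses plain PHP `password_hash()`/`password_verify()` rather than the Laravel facades; the usernames and PINs are constructed sample data and the function names are hypothetical.

```php
<?php
// Constructed sample data; Laravel's bcrypt()/Hash::make() call password_hash() with PASSWORD_BCRYPT.
$accounts = [
    'alice' => password_hash('pin-4821', PASSWORD_BCRYPT),
    'bob'   => password_hash('pin-7730', PASSWORD_BCRYPT),
];

// Equivalent of where('password', bcrypt($password)): hash the input again
// and compare strings. Each hash carries its own random salt, so this
// returns null even for a password that is in use.
function equalityLookup(array $accounts, string $password): ?string
{
    $candidate = password_hash($password, PASSWORD_BCRYPT);
    foreach ($accounts as $username => $stored) {
        if (hash_equals($stored, $candidate)) {
            return $username;
        }
    }
    return null;
}

// The question's loop: finds the owner, but costs one bcrypt run per account.
function scanAll(array $accounts, string $password): array
{
    $checks = 0;
    foreach ($accounts as $username => $stored) {
        $checks++;
        if (password_verify($password, $stored)) {
            return [$username, $checks];
        }
    }
    return [null, $checks];
}

// The answer's flow: the claimed identity selects one row, the secret proves it.
function verifyLogin(array $accounts, string $username, string $password): bool
{
    static $dummy = null;
    $dummy = $dummy ?? password_hash('unused-placeholder', PASSWORD_BCRYPT);
    $known = isset($accounts[$username]);
    // Verify against a dummy hash for unknown names so both paths cost the same.
    $ok = password_verify($password, $known ? $accounts[$username] : $dummy);
    return $known && $ok;
}

var_dump(equalityLookup($accounts, 'pin-7730'));      // re-hashing and comparing strings
var_dump(scanAll($accounts, 'pin-7730'));             // owner plus number of bcrypt checks
var_dump(verifyLogin($accounts, 'bob', 'pin-7730'));  // one keyed lookup, one check
var_dump(verifyLogin($accounts, 'bob', 'pin-4821'));  // another user's secret
```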

Create your own Request class (there is a tutorial about that: https://laracasts.com/series/laravel-5-fundamentals/episodes/12) and in the request class you can use something like this:

return [
    'password' => 'required|confirmed|min:6|unique:users',
];
