Answer the question
In order to leave comments, you need to log in
M
M
mrSeller2018-03-28 00:02:39
mrSeller, 2018-03-28 00:02:39
How to compare two hashed passwords?
Passwords are saved to a table by passing through bcrypt()
When saving account data, you need to enter the old password, and to compare it with what is in the database, I also run the entered password through bcrypt().
Thus found that different hashes are always generated using the same password.
How then to check?
And how does authorization happen then if the same password is always hashed differently?
2 answer(s)
@mrSeller
@Barmunk
A
Arman, 2018-03-28 @mrSeller
you don’t need to look for the password in the database, you need to look for the user (by ID, mail, login)
when you find the user, we take his password hash and check it through a separate function.
The fact that each time a new hash is normal today, so if the database is stolen, they will not be able to guess the password through hash bypass.
B
Barmunk, 2018-03-28 @Barmunk
create a new validator rule that will validate the current password
//AppServiceProvider.php
Validator::extend('current_password', function ($attribute, $value, $parameters, $validator) {
return Hash::check($value, auth()->user()->password);
}, "Неверный пароль, попробуйте еще раз!");
//controller
$validatedData = $request->validate([
'old_password' => 'required|string|current_password',
]);
//...
Similar questions
N
1
S
V
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question