Laravel
mrSeller, 2018-03-28 00:02:39

How to compare two hashed passwords?

Passwords are saved to a table after being passed through bcrypt().
When saving account data, the user has to enter the old password, and to compare it with what is in the database, I also run the entered password through bcrypt().
This is how I found that different hashes are always generated for the same password.
How do I check it, then?
And how does authorization work if the same password is always hashed differently?


2 answer(s)
Arman, 2018-03-28
@mrSeller

You don't need to look for the password in the database; you need to look for the user (by ID, mail, login).
When you find the user, take his password hash and check it through a separate function.
Getting a new hash each time is normal today, so if the database is stolen, they will not be able to guess the password through hash bypass.

Barmunk, 2018-03-28
@Barmunk

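Create a new validator rule that will validate the current password:

// AppServiceProvider.php (imports at the top of the file, rule registered in boot())
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;

Validator::extend('current_password', function ($attribute, $value, $parameters, $validator) {
    // Check the submitted plaintext against the logged-in user's stored hash
    return Hash::check($value, auth()->user()->password);
}, "Неверный пароль, попробуйте еще раз!"); // "Wrong password, please try again!"

// controller
$validatedData = $request->validate([
    'old_password' => 'required|string|current_password',
]);

//...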
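
Added example, not part of the question or of either answer above: plain PHP (no Laravel) showing why two bcrypt hashes of one password differ and how verification still succeeds. Laravel's bcrypt() and Hash::check() wrap PHP's password_hash() and password_verify(); the sample password and the helper name bcryptParts() are made up for this illustration.

```php
<?php
// Constructed sample password, for illustration only.
$password = 'correct horse battery staple';

// Every call draws a fresh random salt, so the two strings differ.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// Hypothetical helper: split a bcrypt string into its fields.
// Layout: $<version>$<cost>$<22-char salt><31-char digest>
function bcryptParts(string $hash): array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['version' => $m[1], 'cost' => (int) $m[2],
            'salt' => $m[3], 'digest' => $m[4]];
}

$a = bcryptParts($hashA);
$b = bcryptParts($hashB);
printf("same hash string:    %s\n", var_export($hashA === $hashB, true));
printf("same embedded salt:  %s\n", var_export($a['salt'] === $b['salt'], true));

// The approach from the question: hash the input again and compare strings.
// The new hash gets a new salt, so this comparison never matches.
$rehash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
printf("rehash == stored:    %s\n", var_export(hash_equals($hashA, $rehash), true));

// What verification does instead: re-run bcrypt with the salt and cost
// read from the stored hash, then compare in constant time.
$recomputed = crypt($password, $hashA);
printf("recomputed == stored: %s\n", var_export(hash_equals($hashA, $recomputed), true));

// password_verify() performs that recomputation for you.
printf("verify against A:    %s\n", var_export(password_verify($password, $hashA), true));
printf("verify against B:    %s\n", var_export(password_verify($password, $hashB), true));
printf("verify wrong input:  %s\n", var_export(password_verify('wrong', $hashA), true));

// After a successful login, check whether the stored hash uses an outdated cost.
if (password_needs_rehash($hashA, PASSWORD_BCRYPT, ['cost' => 12])) {
    $hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    printf("upgraded cost:       %d\n", bcryptParts($hashA)['cost']);
}
```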
