How to match input password and database hash pass

2020-05-27 04:17发布

问题:

How to authenticate a user password from a given request in Laravel? How is the password checked against the password hash stored in the database?

回答1:

First, you'll need to find the User who is logging in based on email address or username or however you identify them, for example:

$user = User::where('email', '=', 'email@address.com')->first();

Then, you'll need to CHECK the hashed password, like so:

Hash::check('INPUT PASSWORD', $user->password);

This will return true or false based on whether or not the password matches.



回答2:

Laravel Login Authentication:

public function login(Request $request)
{
     $email = $request->input('email');
     $password = $request->input('password');

     $user = User::where('email', '=', $email)->first();
     if (!$user) {
        return response()->json(['success'=>false, 'message' => 'Login Fail, please check email id']);
     }
     if (!Hash::check($password, $user->password)) {
        return response()->json(['success'=>false, 'message' => 'Login Fail, pls check password']);
     }
        return response()->json(['success'=>true,'message'=>'success', 'data' => $user])
}


回答3:

 $email = Input::get('email');
    $user = User::where('email', '=', $email)->first();
    if (!$user) {
        return response()->json(['success'=>false, 'message' => 'Not Login successfull']);
    }
    if (!Hash::check(Input::get('password'), $user->password)) {
        return response()->json(['success'=>false, 'message' => 'Not Login successfull']);
    }
    return response()->json(['success'=>true,'message'=>'success', 'data' => $user]);


回答4:

You can create the below method to find the user authentication as explained on the laravel website for authentication:

public function authenticate(Request $request)
{
    $credentials = $request->only('email', 'password');

    if (Auth::attempt($credentials)) {
        // Authentication passed...
        // use the below code to redirect the user to dashboard.
        // return redirect()->intended('dashboard');
    }
}

Please check the link below for more details regarding authentication on laravel website: https://laravel.com/docs/5.6/authentication#authenticating-users



回答5:

Step 1: first get user data from DB

$user = User::where('email', '=', $request->input('email'))->first();

Step 2: Get user password as

$user->password

Step 3: Validate it as

 if(Hash::check($password, $user->password)) {
        return response()->json(['status'=>'true','message'=>'Email is correct']);
    } else {
        return response()->json(['status'=>'false', 'message'=>'password is wrong']);
    }

woo hoo!!!!! you have done :)



回答6:

From Laravel 5 onward, you can use the bcrypt() function to hash a plaintext. So, you can save that hashed password in DB and then, compare the hashed password again to match.

$save_password = bcrypt('plain_text_password');

$check_password = bcrypt('provided_password_while_login_request');

And then, compare these two. You're good to go.

Or, if you want to go with the Laravel way:

 $credentials = $request->only('email', 'password');

    if (Auth::attempt($credentials)) {
        // Authentication passed...
        return redirect()->intended('dashboard');
    }

As per Laravel documentation, and I quote: "The attempt method accepts an array of key / value pairs as its first argument. The values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column. If the user is found, the hashed password stored in the database will be compared with the password value passed to the method via the array. You should not hash the password specified as the password value, since the framework will automatically hash the value before comparing it to the hashed password in the database. If the two hashed passwords match an authenticated session will be started for the user.

The attempt method will return true if authentication was successful. Otherwise, false will be returned."