Reputation: 1123
How to get encrypted password value in laravel?
I am trying to change the password of a user for this i need to check that old password of that user does match with the value i am getting from html "oldpass" text box. If the existing password value and "oldpass" value matches the new password will be updated in database.The password value i am getting from the database is encrypted.
$userpass = User::where('id', '=', Session::get('userid'))->get(array('password')); The problem is that $userpass returns a null value .
Here is the code:
$oldpass = Hash::make(Input::get('oldpass'));//Getting password from html form
$userpass = User::where('id', '=', Session::get('userid'))->get(array('password'));//Getting password value from database Users table
if ($oldpass === $userpass) {
User::where('id', '=', Session::get('userid'))
->update(array(
'password' => Hash::make(Input::get('newpass'))
));
} else {
Return View::make('changepass.changepass')
->with('errormessage', 'Password does not match');
}
Upvotes: 1
Views: 6097
Answers (1)
Reputation: 1113
There are two main problems here.
On one hand,
$userpassis returning null becauseget()is not the appropiate function to fecth a column. You can use pluck for that (see the query builder docs)Anyway you can just call the attribute once you fetch the user like:
$userpass = User::find(Session::get('userid'))->password;You are trying to compare a hashed password with a plain password. Laravel uses Guard by default to manage user Authentication and Guard uses
Hash::maketo store it. You should compare hashes with:Hash::check($oldpass, $userpass)
You could also just check with Guard the user credentials are correct with Auth::validate($credentials) (see Laravel Security) and then change the password like:
if(Auth::validate('id' => Session::get('userid'), 'password' => Input::get('oldpass'))){
//Assuming user was authenticated before. If not use Auth::attempt instead of validate
Auth::user()->password = Hash::make(Input::get('newpass'));
} else {
Return View::make('changepass.changepass')
->with('errormessage', 'Password does not match');
}
Upvotes: 1
Related Questions
- How to decrypt Hash Password in Laravel
- In laravel How to validate password
- Laravel Password Manager decrypt Passwords
- Laravel 5.7, How to decrypt or view Hash Password in Laravel?
- How can i decrypt a password in laravel using decrypt()?
- Convert laravel password to crypt encryption
- Laravel authentication with encrypt password
- Retrieve password stored in db
- how to see encrypted password stored in laravel and show in admin dashboard page
- Decrypt encrypted value outside of Laravel