laravel Hash::make keep giving a different results

Question

I'm trying to implement authentication in laravel 4

When the user registers, I hash the password and save it, like this:

$password = Hash::make(Input::get('password'));

Then when the user tries to login, I want to authenticate him/her with the following code:

if (Auth::attempt(array('username' => Input::get('username'), 'password' => Hash::make(Input::get('password')))))
{
    return Redirect::intended('dashboard');
}

and that never succeeds. I tried to debug the code and it seems that the Hash::make function always gives a different result.

Am I using a good authentication methods?

Answer 1

Don't Hash the password you are giving to the Auth::attempt method, it should be like this:

Auth::attempt(array('username' => Input::get('username'), 'password' => Input::get('password')));

You may also check the password using Hash::check('password', $hashedPassword). Read more about security on Laravel website.

Answer 2

To add some explanation to the answer, it is different every time because the hashing algorithm bcrypt generates a random string (salt) that has to be used to decrypt the password.

This is to protect passwords from rainbow table attacks. https://en.wikipedia.org/wiki/Rainbow_table

Answer 3

Do not hash the password in the auth::attempt() function the code should be like this:

Auth::attempt(array('username' => Input::get('username'), 'password' => Input::get('password')));

The auth::attempt() will hash the password and then check if it matches the one stored in the database