CODEWITHSUNDEEP
phpdatabaselaravelhashlaravel-5
Johan Samuelsson
Johan Samuelsson

Reputation: 67

Laravel hash check on request

I'm trying to check a form input with a hashed password stored in my database. But for some reason, the check runs on the username instead of the password. Now, my question is, am I not using these commands the right way or did I just forget something? Here is my code:

in route.php

Route::get('/{user}/confirm', 'PagesController@confirm');

in PagesController.php

public function check(User $user)
{
    return view('users.check', compact('user'));
}

public function confirm(User $user, Request $request)
{
    echo "Input = " . $request->input('check');
    echo "<br>";
    echo "Password in DB = " . $user->password;
    echo "<br>";
    echo "Username = " . $user->username;

    if (Hash::check($request->input('check'), $user->password))
        {
            echo "<br>Correct Password.";
        } else {
            echo "<br>Incorrect Password.";
        }

And finally, in check.blade.php

@extends("master")  

@section("content")
<h2>Check User:</h2>
<h3 class="text-success">{{ $user->username }}</h3>

{!! Form::model($user, ['url' => '/' . $user->slug . '/confirm', 'method' => 'GET']) !!}

<div class="form-group">
<div class="row">
    <div class="col-xs-4">
        {!! Form::label('check', 'Password') !!}
        {!! Form::text('check', null, ['class' => 'form-control']) !!}
    </div>
</div>
</div>

<div class="form-group">
{!! Form::submit('Check Password', ['class' => 'btn btn-primary']) !!}
<a href="/" class="btn btn-primary">Cancel</a>
</div>

{!! Form::close() !!}


@stop

Now, in my database, I have a user called test with password 1234. If I put "1234" in the check password field, I get "Incorrect Password". But, if I put "test", it returns "Correct Password".

I'm fairly new to programming..might be worth mentioning.

Upvotes: 1

Views: 3825

Answers (1)

Marcin Nabiałek
Marcin Nabiałek

Reputation: 111829

Everything seems that you created user with password that is the same as user name.

You should look at method where you create your user and it should be:

$user = new User();
$user->name = $request->input('name');
$user->password = Hash::make($request->input('password'));
$user->save();

I think now your process of creating user look like this:

$user = new User();
$user->name = $request->input('name');
$user->password = Hash::make($request->input('name'));
$user->save();

so you create has not for password field but for name and that's why Hash::check is true when you pass username and false when you pass password.

Upvotes: 1

Related Questions