I’m using Laravel 5.4. I know that hashing is a one-way thing. As I remember, I hashed passwords and saved them in the database, and when I wanted to check a user's password I would hash their entered password and check it against the hashed string in the database.
In Laravel I only need to write the code below:
    $email = $request['email'];
    $pass = $request['password'];
    if (Auth::attempt(['email' => $email, 'password' => $pass])) {
        // return something
    }
There is no need to bcrypt($request['password']), even though every time I have to use bcrypt the hash string would be different.
How does Auth::attempt hash the password with bcrypt for checking passwords?
I need an explanation of how Auth::attempt works while using bcrypt. I know how to implement the code and check passwords.
Answer
Laravel uses bcrypt for hashing passwords. bcrypt will generate a random salt each time we use it. That's the reason we get a different hash while we provide the same string.
How can we compare two hashes?
The random salt is saved beside the hash:
[full hash] = [random-salt-part]+[hashed-string-with-random-salt]
So for comparing we should use the saved random-salt-part instead of using a random salt. This way we are going to have the same hash.
Why use a random salt? In short: to fight against the likelihood of being cracked by a rainbow table. For a more detailed answer visit: https://security.stackexchange.com/questions/66989/how-does-a-random-salt-work
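
The comparison described in the answer, written out with PHP's built-in functions as an added example (not code from the original post or from Laravel). `splitBcrypt` and `verifyByHand` are hypothetical helper names and the password is a constructed sample; application code should call `password_verify` or Laravel's `Hash::check` rather than a hand-written check.

```php
<?php
// Added illustration; the password below is a constructed sample value.
$password = 'correct horse battery staple';

// Each call draws a fresh random salt, so the two strings differ
// even though the password and cost are identical.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
var_dump($hashA === $hashB);

/**
 * Split a 60-character bcrypt string into its parts:
 * $<version>$<2-digit cost>$<22-char salt><31-char digest>
 */
function splitBcrypt(string $hash): array
{
    $pattern = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($pattern, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['version' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

/**
 * Hypothetical helper: re-hash the candidate with the version, cost and
 * salt stored in the hash, then compare the two strings in constant time.
 */
function verifyByHand(string $candidate, string $storedHash): bool
{
    splitBcrypt($storedHash); // reject anything that is not a bcrypt string
    // The first 29 characters carry version, cost and salt; crypt() reuses them.
    $recomputed = crypt($candidate, substr($storedHash, 0, 29));
    return hash_equals($storedHash, $recomputed);
}

// The stored string exposes the salt that was used for this hash.
print_r(splitBcrypt($hashA));

// The same password verifies against both stored hashes, because each
// check reuses that hash's own salt; a wrong password does not verify.
var_dump(verifyByHand($password, $hashA));
var_dump(verifyByHand($password, $hashB));
var_dump(verifyByHand('wrong password', $hashA));

// The built-in check agrees with the manual one.
var_dump(password_verify($password, $hashA));
```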