Skip to content
Advertisement

How does Auth::attempt check password in Laravel?

I’m using Laravel 5.4. I know that hashing is one way thing. as I remembered, I hashed passwords and saved them on database and when i wanted to check user password I would hash their entered password and checked it with hashed string on database.

in laravel I only need to write below code:

 $email = $request['email'];
 $pass = $request['password'];

 if(Auth::attempt(['email'=> $email , 'password' => $pass])){
       //return something
   } 

There is no need to bcrypt($request['password']); .

eventhough every time I have to use bcrypt the hash string would be different.

How Auth::attempt Hash password with bcrypt for checking passwords.


I need an explanation that how Auth::attempt works while using bcrypt. I know how to implement the code and check passwords.

Advertisement

Answer

Laravel uses bcrypt for hashing password. bcrypt will generate random salt each time we use it. thats the reason we get different hash while we provide same string.

how we can compare two hashes?

random salt will save beside:

[full hash] = [random-salt-part]+[hashed-string-with-random-salt]

so for comparing we should use saved random-salt-part instead of using random salt. this way we gonna have same hash.

why use random salt? in short : to fight against the likelyhood of being cracked by a rainbow table. for more detailed answer visit: https://security.stackexchange.com/questions/66989/how-does-a-random-salt-work

User contributions licensed under: CC BY-SA
9 People found this is helpful
Advertisement