Support the ongoing development of Laravel.io →
Configuration Authentication Security
Last updated 2 years ago.
0

Short answer: Your not hashing your password before saving it.

Longer answer: Laravel validates a user by fetching a user using a where on any credentials that aren't a password. In your case it will do a where on the username field. It then calls EloquentUserProvider::validateCredentials which checks your password against the database password using Hash::check. See https://github.com/illuminate/auth/blob/master/EloquentUserProvider.php#LC104

Last updated 2 years ago.
0
$password 		= Input::get('password');
$user->password       = Hash::make($password);
Last updated 2 years ago.
0

Alright well I had that integrated earlier. Do I only need to hash the password when they sign up and then just pass the regular text password when I use Auth::attempt?

Last updated 2 years ago.
0

charlietechnology said:

Alright well I had that integrated earlier. Do I only need to hash the password when they sign up and then just pass the regular text password when I use Auth::attempt?

Yep thats right.

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.