34

How to authenticate a user password from a given request in Laravel? How is the password checked against the password hash stored in the database?

captainblack
  • 4,107
  • 5
  • 50
  • 60
user3825129
  • 501
  • 2
  • 5
  • 10
  • Apply the hashing algorithm you used to hash the stored password to the input? `$hashedPassword = hash($_REQUEST["password"]` or something. – Christophe De Troyer Aug 05 '14 at 06:36
  • No I am not using php. When user login his account that time his insert password so this password is convert to "Hash::" and compare to database stored "Hash::" password. So I am confuse to how to fetch password from database and compare to when user login password. I find one check code but not understand how to compare if (Hash::check('secret', $hashedPassword)) { // The passwords match... } – user3825129 Aug 05 '14 at 06:44
  • Possible duplicate of [Laravel 4: custom login and check password](http://stackoverflow.com/questions/17738128/laravel-4-custom-login-and-check-password) – Somnath Muluk Nov 16 '15 at 16:37
  • Check how to [make Hash and Verify Hash](http://stackoverflow.com/a/33740080/1045444) in Laravel. – Somnath Muluk Nov 16 '15 at 16:37

6 Answers6

90

First, you'll need to find the User who is logging in based on email address or username or however you identify them, for example:

$user = User::where('email', '=', 'email@address.com')->first();

Then, you'll need to CHECK the hashed password, like so:

Hash::check('INPUT PASSWORD', $user->password);

This will return true or false based on whether or not the password matches.

Darren Taylor
  • 1,975
  • 14
  • 18
18

Laravel Login Authentication: 

public function login(Request $request)
{
     $email = $request->input('email');
     $password = $request->input('password');

     $user = User::where('email', '=', $email)->first();
     if (!$user) {
        return response()->json(['success'=>false, 'message' => 'Login Fail, please check email id']);
     }
     if (!Hash::check($password, $user->password)) {
        return response()->json(['success'=>false, 'message' => 'Login Fail, pls check password']);
     }
        return response()->json(['success'=>true,'message'=>'success', 'data' => $user])
}
Vishal Vaghasiya
  • 1,857
  • 2
  • 14
  • 21
4

Step 1: first get user data from DB

$user = User::where('email', '=', $request->input('email'))->first();

Step 2: Get user password as

$user->password

Step 3: Validate it as

 if(Hash::check($password, $user->password)) {
        return response()->json(['status'=>'true','message'=>'Email is correct']);
    } else {
        return response()->json(['status'=>'false', 'message'=>'password is wrong']);
    }

woo hoo!!!!! you have done :)

Asfar Hussain Siddiqui
  • 464
  • 4
  • 9
3
 $email = Input::get('email');
    $user = User::where('email', '=', $email)->first();
    if (!$user) {
        return response()->json(['success'=>false, 'message' => 'Not Login successfull']);
    }
    if (!Hash::check(Input::get('password'), $user->password)) {
        return response()->json(['success'=>false, 'message' => 'Not Login successfull']);
    }
    return response()->json(['success'=>true,'message'=>'success', 'data' => $user]);
Dhruv Yadav
  • 41
  • 1
  • 7
3

From Laravel 5 onward, you can use the bcrypt() function to hash a plaintext. So, you can save that hashed password in DB and then, compare the hashed password again to match.

$save_password = bcrypt('plain_text_password');

$check_password = bcrypt('provided_password_while_login_request');

And then, compare these two. You're good to go.

Or, if you want to go with the Laravel way:

 $credentials = $request->only('email', 'password');

    if (Auth::attempt($credentials)) {
        // Authentication passed...
        return redirect()->intended('dashboard');
    }

As per Laravel documentation, and I quote: "The attempt method accepts an array of key / value pairs as its first argument. The values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column. If the user is found, the hashed password stored in the database will be compared with the password value passed to the method via the array. You should not hash the password specified as the password value, since the framework will automatically hash the value before comparing it to the hashed password in the database. If the two hashed passwords match an authenticated session will be started for the user.

The attempt method will return true if authentication was successful. Otherwise, false will be returned."

Plabon Dutta
  • 6,819
  • 3
  • 29
  • 33
1

You can create the below method to find the user authentication as explained on the laravel website for authentication:

public function authenticate(Request $request)
{
    $credentials = $request->only('email', 'password');

    if (Auth::attempt($credentials)) {
        // Authentication passed...
        // use the below code to redirect the user to dashboard.
        // return redirect()->intended('dashboard');
    }
}

Please check the link below for more details regarding authentication on laravel website: https://laravel.com/docs/5.6/authentication#authenticating-users

Prashant Barve
  • 4,105
  • 2
  • 33
  • 42