-2

User can change the password once when he is login, but when I get the password in the view it's hashed, that is because when is saved in the db is hashed by bcrypt.

So I want it to have in the view exactly the password that the user entered.

My Blade Code:

<input class="form-control m-input" value="{{$staff->password}}"  
type="password" name="password">
Troyer
  • 6,765
  • 3
  • 34
  • 62
Hassaan
  • 339
  • 1
  • 8
  • 20
  • 1
    This is a bad practice and should be avoided, also, it may even be illegal if you want to access to your user's password. – LoïcR Apr 05 '18 at 07:49
  • Try using Hash::check(Auth::user()->password) – DPS Apr 05 '18 at 08:20
  • Possible duplicate of [How can I decrypt a password hash in PHP?](https://stackoverflow.com/questions/24024702/how-can-i-decrypt-a-password-hash-in-php) – Quentin Apr 05 '18 at 13:21
  • There is no good reason to tell the user what their password is. If they don't know it, then you need to use some other mechanism to verify their identity and then force them to change it. – Quentin Apr 05 '18 at 13:22

4 Answers4

2

You can not do that. Hashing is in one way. That is why it is secure and no one can know what password consists on - just user know it.

If you want to decode password (what is really insecure and is treated as bad practice) you need to create own way to encode it.

Another way is simply take the Response $response values like that:

public function functionName(Response $response) {
    $password = $response->password
}

More: https://laravel.com/docs/5.6/hashing

Adam Kozlowski
  • 5,606
  • 2
  • 32
  • 51
2

You simply can't do that, at first because to descrypt a hashed password its very complicated and sometimes, close to impossible, plus the thing you want to do its insecure and will lead to security vulnerabilities.

You can read why it's important to hash password in this blogoverflow post: Why passwords should be hashed.

Now knowing why passwords must be hashed in the database, you could find a solution in your problem storing the password when the user changes it on a single request in a variable or in a session, this stills being not a good practice but that could be a solution only in extremis.

If you want to show in the view the typed password after a post form, you can send the password in a variable to the view in your controller like:

return view('view')->with('typed_password', $request->password);

And in your view you can print it using:

{{ $typed_password }}
Troyer
  • 6,765
  • 3
  • 34
  • 62
  • i know but all i wants to do is give the user it's password that is been entered by the user not the encrypted one – Hassaan Apr 05 '18 at 08:19
  • Then you can simple return the password in the return of your controller, something like: return view('view')->with('typed_password', $request->password) – Troyer Apr 05 '18 at 08:24
0

You might have to go to built-in file where laravel bcrypts password..Go to that file and remove the bcrypt function.

Muhammad Rizwan
  • 488
  • 1
  • 7
  • 23
0

This is bad practice!
instead, you shoud create an input with a current password and new password and finally re-enter password for confirmation this protect way to user editing own password secure.

<form id="form-change-password" role="form" method="POST" action="{{ url('/user/credentials') }}" novalidate class="form-horizontal">
  <div class="col-md-9">             
    <label for="current-password" class="col-sm-4 control-label">Current Password</label>
    <div class="col-sm-8">
      <div class="form-group">
        <input type="hidden" name="_token" value="{{ csrf_token() }}"> 
        <input type="password" class="form-control" id="current-password" name="current-password" placeholder="Password">
      </div>
    </div>
    <label for="password" class="col-sm-4 control-label">New Password</label>
    <div class="col-sm-8">
      <div class="form-group">
        <input type="password" class="form-control" id="password" name="password" placeholder="Password">
      </div>
    </div>
    <label for="password_confirmation" class="col-sm-4 control-label">Re-enter Password</label>
    <div class="col-sm-8">
      <div class="form-group">
        <input type="password" class="form-control" id="password_confirmation" name="password_confirmation" placeholder="Re-enter Password">
      </div>
    </div>
  </div>
  <div class="form-group">
    <div class="col-sm-offset-5 col-sm-6">
      <button type="submit" class="btn btn-danger">Submit</button>
    </div>
  </div>
</form>
Mahdi Safari
  • 298
  • 3
  • 12