
I'm using Lumen to develop my API website. I came across this part where I hash a password and check the hash, but it always returns false. Below is my attempt.

$hashed = $request->input('hash'); // e.g. $2y$10$EBQKLl5cdbOLzP0luWUlp.hQYJLYGnDeOymodXSAbWj.Posf.yv1m
$res = Hash::check(trim($request->input('password')), trim($hashed));

return response()->json([ 'hash' => $hashed, 'password' => $request->input('password'), 'hash_result' => $res ]);

I use trim to make sure there is no whitespace, and I can verify the variables (hash, password) exist, so what seems wrong?

Using Postman.


Any help or ideas are greatly appreciated. Thank you.

Juliver Galleto
  • What if I want a space in my password? But anyway, perhaps you can give us some more context for your code? And have you verified that the form name fields are "hash" and "password" respectively? – Elliot Apr 16 '19 at 07:00
  • Yes, I can confirm those variables (password, hash) exist and are correct by returning them back as a response. – Juliver Galleto Apr 16 '19 at 07:04

1 Answer


Hash::check() is for checking a plain text (like a password) against a hash which has been generated inside your website. There is a key in .env named "APP_KEY" which is used to create the hash and check the hash.

So what you are doing wrong is sending the password and the hashed password (which is not generated by your website) in the same request to your API.

Just send the password and check it against the hashed version in your DB.

Amirsadjad
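
The flow the answer recommends (hash on the server, store only the hash, and have the client send just the plain password) is sketched below as an added example that is not part of the original question or answer. It uses PHP's native password_hash()/password_verify(), which Laravel's bcrypt hasher wraps, so it runs without a Lumen app; the register()/login() helpers, the in-memory $users array and the e-mail addresses are hypothetical stand-ins for a real users table.

```php
<?php
// Constructed in-memory store standing in for the users table (assumption).
$users = [];

// Registration: hash on the server and persist only the hash.
function register(array &$users, string $email, string $password): void
{
    // PASSWORD_BCRYPT yields the same $2y$10$... format shown in the question.
    $users[$email] = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
}

// Login: the request carries only the plain password; the hash is read from storage,
// never accepted from the client.
function login(array $users, string $email, string $password): bool
{
    // Unknown accounts are verified against a dummy hash so both paths do a bcrypt run.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_BCRYPT, ['cost' => 10]);

    $known = isset($users[$email]);
    $matches = password_verify($password, $known ? $users[$email] : $dummy);

    return $known && $matches;
}

// Constructed sample data: a password with leading and trailing spaces.
register($users, 'user@example.test', ' correct horse ');

// Same string that was registered.
var_dump(login($users, 'user@example.test', ' correct horse '));

// Trimmed variant: trim() produces a different string, so it is a different password.
var_dump(login($users, 'user@example.test', trim(' correct horse ')));

// Account that does not exist.
var_dump(login($users, 'nobody@example.test', 'anything'));
```

In a Lumen controller the same split applies: Hash::make() when the account is created, and Hash::check() at login against the hash loaded from the database.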