3

Good Day,

I'm new and still learning the Laravel 7 framework. Is there a way I can use plain-text passwords for my login page? In my existing database, users' passwords are stored only as plain text.

P. James
  • 3
    Plaintext passwords are dangerous. Always encrypt and compare. User enters password -> encrypt and store in db, then when the user wants to log in, encrypt password -> send to server side -> server compares that encrypted form info with the encrypted data in the database. – tblev May 11 '20 at 03:51
  • 4
    @tblev *hash* and *regenerate the hash to verify*. Encryption = reversible. [See this question for why they are not the same thing](https://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms) – Machavity May 11 '20 at 03:56
  • 2
    If your existing DB is already plain text passwords then just wash them through [password_hash](https://www.php.net/manual/en/function.password-hash.php). Seriously, PHP makes securing passwords **trivial**. There's no excuse not to use it – Machavity May 11 '20 at 03:59
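
The hash-and-verify approach the comments above recommend, shown as an added example that is not part of the original thread: a one-time migration of a plain-text password column with `password_hash`, followed by a login check with `password_verify`. The sample rows and the function names `isHashed`, `migratePasswords` and `checkLogin` are constructed for illustration, and an in-memory array stands in for the users table.

```php
<?php
// Constructed rows standing in for a legacy users table (not real data).
$users = [
    ['id' => 1, 'email' => 'alice@example.test', 'password' => 'correct horse'],
    ['id' => 2, 'email' => 'bob@example.test',   'password' => 'hunter2'],
    // Row that was already hashed: the migration must leave it alone.
    ['id' => 3, 'email' => 'carol@example.test', 'password' => password_hash('s3cret', PASSWORD_BCRYPT)],
];

/** True when the stored value is already a password_hash() result. */
function isHashed(string $stored): bool
{
    // password_get_info() reports algo null (PHP >= 7.4) or 0 (older) for non-hashes.
    return !empty(password_get_info($stored)['algo']);
}

/** One-time migration: hash every plain-text value, skip rows already hashed. */
function migratePasswords(array $users): array
{
    foreach ($users as &$row) {
        if (!isHashed($row['password'])) {
            // bcrypt only uses the first 72 bytes of the password.
            $row['password'] = password_hash($row['password'], PASSWORD_BCRYPT);
        }
    }
    unset($row); // drop the reference left over from the loop
    return $users;
}

/** Login check after migration: verify against the hash, never compare text. */
function checkLogin(array $users, string $email, string $password): bool
{
    foreach ($users as $row) {
        if ($row['email'] === $email) {
            return password_verify($password, $row['password']);
        }
    }
    return false;
}

$users = migratePasswords($users);
$users = migratePasswords($users); // second run changes nothing

var_dump(checkLogin($users, 'bob@example.test', 'hunter2'));
var_dump(checkLogin($users, 'bob@example.test', 'wrong'));
var_dump(checkLogin($users, 'carol@example.test', 's3cret'));
```

Bcrypt hashes produced this way are what Laravel's default bcrypt hasher creates and checks, so after the migration the stock `Auth::attempt` login flow can be used unchanged.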

2 Answers

1

You can manually retrieve a user then pass it to the Auth::login( $user ). Example:

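```php
use App\User; // assumed: Laravel 7's default Eloquent user model
use Illuminate\Support\Facades\Auth;

// Look up the user by e-mail and the plain-text password stored in the table.
// where() takes the column and the value as two arguments.
$user = User::where( 'email', $request->input( 'email' ) )
        ->where( 'password', $request->input( 'password' ) )
        ->first();

if( $user ) {
    Auth::login( $user );
}
```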
0

If you are using Passport, this can be done by extending the Laravel\Passport\Bridge\UserRepository class.

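```php
use App\User as UserModel; // assumed: Laravel 7's default Eloquent user model
use Laravel\Passport\Bridge\User;
use Laravel\Passport\Bridge\UserRepository;
use League\OAuth2\Server\Entities\ClientEntityInterface;

class MyUserRepository extends UserRepository
{
    public function getUserEntityByUserCredentials(
        $username,
        $password,
        $grantType,
        ClientEntityInterface $clientEntity
    ) {
        // Fetch the user by username; first() on its own does not accept conditions.
        $user = UserModel::where('username', $username)->first();

        // Plain-text comparison against the stored value, done type-safely
        // (a loose == can treat different numeric-looking strings as equal).
        if ($user && hash_equals((string) $user->password, (string) $password)) {
            return new User($user->getAuthIdentifier());
        }
        return null;
    }
}
```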

Then you may want to bootstrap the repository to Passport via a service provider; the way to do it will depend on your authentication policy.