1

I've struggled with a problem for a while now. I want to use Laravel for my website BUT I can only use SHA256 as the password encryption because of some other limitations in our project.

Basicly my problem consists of a function within Laravel that is used to check if the userdata is correct (Checks if the user can login) does not work for me because of my difference in encryption (Atleast that's my theory)

Auth::attempt(['username' => $username, 'password' => $password]

This function always returns false, no matter if the password is correct and I assume it's because of the difference in encryption.

Anybody know if there's a fix for this?

Classified
  • 560
  • 1
  • 7
  • 21
  • [Here](http://stackoverflow.com/questions/17710897/how-to-use-sha1-encryption-instead-of-bcrypt-in-laravel-4) you go. It's pretty easy to implement. – Andrei Jan 17 '17 at 12:41
  • I tried this, it doesn't seem to solve the problem. Auth::attempt still returns false no matter what. – Classified Jan 17 '17 at 13:24

2 Answers2

1
Auth::attempt(['username' => $username, 'password' => SHA256($password)]);

Here SHA256($password) you can call the function as the same which used for encryption and check it.

In this case, SHA256 (dummy function) will hash the password you passed and match the value.

EDIT 1

Sample Code for registration

$users = User::create([
'name' => $name,
'email' => $email,
....
....
'password' => SHA256($password)
 ]);

//to login with the above creds
Auth::login($users);

Now while login you can use the same SHA256 function to encrypt the input password and check with your database.

Arun Code
  • 1,548
  • 1
  • 13
  • 18
  • That's the problem, as far as I know Laravel automaticly grabs the 'password' and encrypts it which would essentially mean a double encryption? – Classified Jan 17 '17 at 13:02
  • so if you are using laravel `auth` function, it will by default make the password encrypt with `bcrypt`. The best thing you can do is to create a custom registration, then store the password value with `SHA256`. – Arun Code Jan 17 '17 at 13:24
  • The problem is not registration, it is logging in. When I attempt to login to my application at the moment it gives me no error at all and returns Auth::attempt as false. I've tried rewriting the hash library, but seems to be the same issue. – Classified Jan 17 '17 at 13:35
  • `auth attempt` will give false if the creds don't match. Can you show registration part in your controller and the function to encrypt the password? – Arun Code Jan 17 '17 at 13:37
  • Registration is basicly your example with 'Hash::make($password)' instead (NOTE: It has been overwritten to make sha256 encryptions) so basicly registration is hash('sha256', $password). The credentials match 100% but I can't check if the hashes match or atleast I don't know how to. – Classified Jan 17 '17 at 13:40
  • while login, `$input_password = hash('sha256', $password);` and then `Auth::attempt(['username' => $username, 'password' => $input_password]);` – Arun Code Jan 17 '17 at 13:42
0

I fixed this issue with the help of the above comments from Arun Code and Andrew.

For anyone else with this issue I suggest reading this

Community
  • 1
  • 1
Classified
  • 560
  • 1
  • 7
  • 21