2

I use hash check to compare between current password which is inputted by the user and current password which is stored in the database (Bcrypt)

Here is my source code

    $user = User::findOrFail($request->id);
    if (Hash::check($request->password, $user->password)) { 
       $user->fill([
        'password' => Hash::make($request->newPassword)
        ])->save();

       $request->session()->flash('success', 'Password changed');
        // return redirect()->route('your.route');
       echo "Hash match";

    } else {
        $request->session()->flash('error', 'Password does not match');
        // return redirect()->route('your.route');
        echo "Hash does not matched";
    }

My problem is the Hash:check always return false ("Hash does not matched")

I put the variable in hash check like this

Hash::check(new password plain text, bcrypt value in db)

Before the Hash check is called. I try to print the variable to investigate why it not working. I found my plain text of the new password is already sent and I already got the bcrypt password from the database as well. Everything looks fine it should be worked. I don't know what is my mistake. I follows a lot of topic on this site to solve my problem as I tried it does not work for me. Anyone, please help me.

Thank you.

Tridev Shrestha
  • 447
  • 7
  • 21
Rick_y
  • 83
  • 1
  • 5
  • Before using Hash::check , you have to handle this request. $user = User::findOrFail($request->id); whether $user returning record or not. – Dev Ramesh Feb 25 '19 at 06:50
  • `if ($user && Hash::check($request->password, $user->password)) {` – Beginner Feb 25 '19 at 07:10
  • Can you show the result of $user and $request->all(); Just to be sure. – kshitij Feb 25 '19 at 07:13
  • I added this echo "Current password = " . $user->password. "User ID" . $user->id; Here is the result Current password = $2y$10$9O1EzE4SxU7pZWBZd3KmGursvfuMROfe/DCG5jmNfLroOw66Vm5bSUser ID1 – Rick_y Feb 25 '19 at 09:12

2 Answers2

0

If you are using this with default Login Controller provided by auth,then you need not use this. Its automatically done by laravel itself.

Harinath R
  • 143
  • 2
  • 12
  • Yes I use default auth but, I created inside HomeController What do you mean "you need not use this. Its automatically done by laravel itself." and how can I solve this? – Rick_y Feb 25 '19 at 09:02
-1

You're using the wrong argument order.

Try this,

if (Hash::check($user->password, $request->password))
Udhav Sarvaiya
  • 9,380
  • 13
  • 53
  • 64
Harinath R
  • 143
  • 2
  • 12