The Laravel Hash
facade provides secure Bcrypt hashing for storing user passwords. If you are using the AuthController
controller that is included with your Laravel application, it will be take care of verifying the Bcrypt password against the un-hashed version provided by the user.
Bcrypt is a great choice for hashing passwords because its "work factor" is adjustable, which means that the time it takes to generate a hash can be increased as hardware power increases.
You may hash a password by calling the make
method on the Hash
facade:
<?php namespace App\Http\Controllers;
use Hash;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
class UserController extends Controller
{
/**
* Update the password for the user.
*
* @param Request $request
* @param int $id
* @return Response
*/
public function updatePassword(Request $request, $id)
{
$user = User::findOrFail($id);
// Validate the new password length...
$user->fill([
'password' => Hash::make($request->newPassword)
])->save();
}
}
Alternatively, you may also use the bcrypt
helper function:
bcrypt('plain-text');
The check
method allows you to verify that a given plain-text string matches to a given hash. However, if you are using the AuthController
included with Laravel, you will probably not need to use this directly, as the included authentication controller automatically calls this method:
if (Hash::check('plain-text', $hashedPassword)) {
// The passwords match...
}
The needsRehash
function allows you to determine if the work factor used by the hasher has changed since the password was hashed.
if (Hash::needsRehash($hashed)) {
$hashed = Hash::make('plain-text');
}