
I am working on a small Laravel application. The problem is with the login: it works fine, but I just found out that the password can be seen if you have the basic knowledge to inspect the request payload. I want to know how I can encrypt the password, or what solution there can be for this.

Blade file:

<form role="form" method="POST" action="{{ route('Login') }}">
   @csrf

   <div class="form-group{{ $errors->has('email') ? ' has-danger' : '' }} mb-3">
      <div class="input-group input-group-alternative">
         <div class="input-group-prepend">
            <span class="input-group-text"><i class="ni ni-email-83"></i></span>
         </div>
         <input class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" placeholder="{{ __('Correo') }}" type="email" name="email" value="{{ old('email') }}" required autofocus>
      </div>
      @if ($errors->has('email'))
         <span class="invalid-feedback" style="display: block;" role="alert">
            <strong>{{ $errors->first('email') }}</strong>
         </span>
      @endif
   </div>
      <div class="form-group{{ $errors->has('password') ? ' has-danger' : '' }}">
         <div class="input-group input-group-alternative">
            <div class="input-group-prepend">
               <span class="input-group-text"><i class="ni ni-lock-circle-open"></i></span>
            </div>
            <input class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" placeholder="{{ __('Contraseña') }}" type="password" required>
         </div>
           @if ($errors->has('password'))
              <span class="invalid-feedback" style="display: block;" role="alert">
                  <strong>{{ $errors->first('password') }}</strong>
              </span>
           @endif
      </div>
      <div class="text-center">
         <button type="submit" class="btn btn-primary my-4">{{ __('Iniciar sesión') }}  </button>
      </div>
</form>

Login controller:

// At the top of the controller file. Without `use Exception;` a namespaced
// controller's catch(Exception $ex) refers to App\Http\Controllers\Exception
// and never matches anything.
use Exception;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;

public function Login(Request $request)
{
    $credentials = $this->validate($request, [
        'email'    => 'email|required|string',
        'password' => 'required|string',
    ]);

    try
    {
        // Auth::attempt() compares the submitted password against the stored
        // hash with Hash::check(); the plaintext is never written anywhere.
        if (Auth::attempt($credentials))
        {
            // One query for the user row instead of three; same session keys as before.
            $user = DB::table('users')->where('email', $credentials['email'])->first();
            $role = $user->role_idrole;

            session(['rol' => $role]);
            session(['id' => $user->id]);
            session(['userEmail' => $credentials['email']]);
            session(['userPhoto' => $user->photo]);

            if ($role == 3)
            {
                return redirect()->route('main');
            }

            return redirect()->route('home');
        }
        else
        {
            return back()->withErrors(['email' => trans('auth.failed')]);
        }
    }
    catch (Exception $ex)
    {
        return back()->withErrors(['email' => trans('auth.failed')]);
    }
}

I really don’t know how to solve this, any help would be appreciated.
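As an added example that is not code from the question or the answers, this controller shows the two controls that actually protect a password seen in the browser's own request inspector: TLS in transit (enforced at the web server, or with `URL::forceScheme('https')` in `AppServiceProvider::boot()`) and a one-way hash at rest, with `Auth::attempt()` doing the `Hash::check()` comparison at login. The `role_idrole` and `photo` columns and the `main`/`home` routes come from the question; the `App\Models\User` model and the `login` route name are assumptions.

```php
<?php
// Added example, not code from the question or its answers. Assumed: an
// App\Models\User model with 'email' and 'password' fillable and a 'login'
// route; 'role_idrole', 'photo', 'main' and 'home' are from the question.
namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class AuthController extends Controller
{
    // Registration: only the Hash::make() output (bcrypt, fresh random salt per
    // call) is stored, so a database leak does not expose the plaintext.
    public function register(Request $request)
    {
        $data = $request->validate([
            'email'    => 'required|email|unique:users',
            'password' => 'required|string|min:12',
        ]);

        User::create([
            'email'    => $data['email'],
            'password' => Hash::make($data['password']),
        ]);

        return redirect()->route('login');
    }

    // Login: Auth::attempt() compares the submitted password to the stored hash
    // with Hash::check(); a new Hash::make() value would never match it.
    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email'    => 'required|email',
            'password' => 'required|string',
        ]);
        if (!Auth::attempt($credentials)) {
            return back()->withErrors(['email' => trans('auth.failed')]);
        }
        // Fresh session id after login blocks session fixation; the user row is
        // already loaded, so no extra query per field is needed.
        $request->session()->regenerate();
        $user = Auth::user();
        session(['rol' => $user->role_idrole, 'id' => $user->id, 'userEmail' => $user->email, 'userPhoto' => $user->photo]);

        return redirect()->route($user->role_idrole == 3 ? 'main' : 'home');
    }
}
```

Hashing in the browser before submitting would not help: the hash would simply become the credential that is sent, and it would be just as visible in the request inspector.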

2 Answers


  1. Try it:

    'password' => Hash::make($request->yourpassword)
    
  2. You need to check the user once. With the password you can check like this:

    use Illuminate\Support\Facades\Hash;

    // Hash::make() salts every call, so its output never equals the stored hash in a WHERE clause; compare with Hash::check() instead.
    $user = DB::table('users')->where('email', $credentials['email'])->first();
    $userValidated = ($user && Hash::check($credentials['password'], $user->password)) ? $user : null;
    