How to compare two encrypted (bcrypt) passwords in Laravel?

Laravel PHP Server Side Programming

In Laravel, you can make use of the Hash facade module to work with passwords. It has bcrypt for helping you store your passwords securely.

The Hash facade bcrypt() method is a powerful way to hash a password. It prevents malicious users from breaking the password generated using bcrypt().

The hashing details are available inside config/hashing.php. The default driver has bcrypt() as the hashing to be used.

Hashing Passwords

To work with Hash Facade you need to include the class:

Illuminate\Support\Facades\Hash

Example

To hash passwords you can use the make() method. Here is an example of a hash password

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\Student;
use Illuminate\Support\Facades\Hash;

class StudentController extends Controller {
   public function index() {
      echo $hashed = Hash::make('password', [
         'rounds' => 15,
      ]);
   }
}

Output

The output of the above code is

$2y$15$QKYQhdKcDSsMmIXZmwyF/.sihzQDhxtgF5WNiy4fdocNm6LiVihZi

Verifying if the password matches with a hashed password

To verify the plain text i.e the text used in Hash::make is matching with the hashed one is to use check() method.

The check() method returns true if the plain text matches the hashed password and false if it's not matching.

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\Student;
use Illuminate\Support\Facades\Hash;

class StudentController extends Controller {
   public function index() {
      $hashed = Hash::make('password', [
         'rounds' => 15,
      ]);
      if (Hash::check('password', $hashed)) {
         echo "Password matching";
      } else {
         echo "Password is not matching";
      }
   }
}

Output

The output of the above code is

Password matching

Using the check() method

Let us now test by giving the wrong plain text and see the check() method response.

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\Student;
use Illuminate\Support\Facades\Hash;

class StudentController extends Controller {
   public function index() {
      $hashed = Hash::make('password', [
         'rounds' => 15,
      ]);
      if (Hash::check('password123', $hashed)) {
         echo "Password matching";
      } else {
         echo "Password is not matching";
      }
   }
}

The plain text that we used in hashing is “password”. Inside the check method, we used "password123", since the text is not matching with hashed text it gives the output "Password is not matching".

Output

When you execute inside the browser the output will be –

Password is not matching

Hashing the password twice

Let us now hash the same text twice and compare it in the check() method −

$testhash1 = Hash::make('mypassword');
$testhash2 = Hash::make('mypassword');
   
if (Hash::check('mypassword', $testhash1) && Hash::check('mypassword', $testhash2)) {
   echo "Password matching";
} else {
   echo "Password not matching";
}

You can test the complete code in the browser as shown below −

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\Student;
use Illuminate\Support\Facades\Hash;

class StudentController extends Controller {
   public function index() {
      $testhash1 = Hash::make('mypassword');
      $testhash2 = Hash::make('mypassword');
      if (Hash::check('mypassword', $testhash1) && Hash::check('mypassword', $testhash2)) {
         echo "Password matching";
      } else {
         echo "Password not matching";
      }
   }
}

Output

The output of the above code is −

Password matching

Using the bcrypt() method

You can also try using the bcrypt() method and test the plain text with hashed one using Hash::check().

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Models\Student;
use Illuminate\Support\Facades\Hash;

class StudentController extends Controller {
   public function index() {
      $hashedtext = bcrypt('mypassword');
      if (Hash::check('mypassword', $hashedtext)) {
         echo 'Password matches';
      } else{
         echo 'Password not matching';
      }
   }
}

Output

The output of the above code is –

Password matches

Shilpa Kalangutkar

Updated on: 30-Aug-2022

6K+ Views

Kickstart Your Career

Get certified by completing the course

Get Started