How to compare two encrypted (bcrypt) passwords in Laravel?

In Laravel, you can use the Hash facade to securely work with passwords using bcrypt encryption. The Hash facade provides methods to hash passwords and verify plain text against hashed passwords.

Note: This tutorial requires Laravel framework setup. Install Laravel using composer create-project laravel/laravel myapp and configure your environment.

Hash Facade Setup

To work with the Hash facade, import it in your controller

use Illuminate\Support\Facades\Hash;

The hashing configuration is available in config/hashing.php where bcrypt is set as the default driver.

Hashing Passwords

Use the make() method to hash passwords. You can specify bcrypt rounds for additional security

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class PasswordController extends Controller {
   public function hashPassword() {
      $hashed = Hash::make('password', [
         'rounds' => 15,
      ]);
      echo $hashed;
   }
}
?>

$2y$15$QKYQhdKcDSsMmIXZmwyF/.sihzQDhxtgF5WNiy4fdocNm6LiVihZi

Comparing Passwords with Hash::check()

The check() method compares plain text with a hashed password, returning true for matches and false for mismatches

Matching Password Example

<?php
namespace App\Http\Controllers;
use Illuminate\Support\Facades\Hash;

class PasswordController extends Controller {
   public function verifyPassword() {
      $hashed = Hash::make('password');
      
      if (Hash::check('password', $hashed)) {
         echo "Password matching";
      } else {
         echo "Password is not matching";
      }
   }
}
?>

Password matching

Non-matching Password Example

<?php
namespace App\Http\Controllers;
use Illuminate\Support\Facades\Hash;

class PasswordController extends Controller {
   public function verifyWrongPassword() {
      $hashed = Hash::make('password');
      
      if (Hash::check('password123', $hashed)) {
         echo "Password matching";
      } else {
         echo "Password is not matching";
      }
   }
}
?>

Password is not matching

Comparing Multiple Hashed Passwords

Even when hashing the same text twice, bcrypt generates different hashes due to salt. However, check() can verify against both

<?php
namespace App\Http\Controllers;
use Illuminate\Support\Facades\Hash;

class PasswordController extends Controller {
   public function compareMultipleHashes() {
      $hash1 = Hash::make('mypassword');
      $hash2 = Hash::make('mypassword');
      
      if (Hash::check('mypassword', $hash1) && Hash::check('mypassword', $hash2)) {
         echo "Password matching";
      } else {
         echo "Password not matching";
      }
   }
}
?>

Password matching

Using bcrypt() Helper Function

Laravel also provides a bcrypt() helper function as an alternative to Hash::make()

<?php
namespace App\Http\Controllers;
use Illuminate\Support\Facades\Hash;

class PasswordController extends Controller {
   public function useBcryptHelper() {
      $hashedText = bcrypt('mypassword');
      
      if (Hash::check('mypassword', $hashedText)) {
         echo 'Password matches';
      } else {
         echo 'Password not matching';
      }
   }
}
?>

Password matches

Conclusion

Laravel's Hash facade provides secure password comparison using Hash::check() method. Always hash passwords with Hash::make() or bcrypt() and verify them using Hash::check() for secure authentication.