Hashing
Introduction
The Laravel Hash facade provides secure Bcrypt hashing for storing user passwords. If you are using the AuthController controller that is included with your Laravel application, it will automatically use Bcrypt for registration and authentication.
Bcrypt is a great choice for hashing passwords because its "work factor" is adjustable, which means that the time it takes to generate a hash can be increased as hardware power increases.
Basic Usage
You may hash a password by calling the make method on the Hash facade:
1<?php 2 3namespace App\Http\Controllers; 4 5use Hash; 6use App\User; 7use Illuminate\Http\Request; 8use App\Http\Controllers\Controller; 9 10class UserController extends Controller11{12 /**13 * Update the password for the user.14 *15 * @param Request $request16 * @param int $id17 * @return Response18 */19 public function updatePassword(Request $request, $id)20 {21 $user = User::findOrFail($id);22 23 // Validate the new password length...24 25 $user->fill([26 'password' => Hash::make($request->newPassword)27 ])->save();28 }29}Alternatively, you may also use the global bcrypt helper function:
1bcrypt('plain-text');Verifying A Password Against A Hash
The check method allows you to verify that a given plain-text string corresponds to a given hash. However, if you are using the AuthController included with Laravel, you will probably not need to use this directly, as the included authentication controller automatically calls this method:
1if (Hash::check('plain-text', $hashedPassword)) {2 // The passwords match...3}Checking If A Password Needs To Be Rehashed
The needsRehash function allows you to determine if the work factor used by the hasher has changed since the password was hashed:
1if (Hash::needsRehash($hashed)) {2 $hashed = Hash::make('plain-text');3}