Hashing

Introduction

The Laravel Hash facade provides secure Bcrypt hashing for storing user passwords. If you are using the built-in LoginController and RegisterController classes that are included with your Laravel application, they will automatically use Bcrypt for registration and authentication.

{tip} Bcrypt is a great choice for hashing passwords because its "work factor" is adjustable, which means that the time it takes to generate a hash can be increased as hardware power increases.

Basic Usage

You may hash a password by calling the make method on the Hash facade:

  1. <?php
  3. namespace App\Http\Controllers;
  5. use Illuminate\Http\Request;
  6. use Illuminate\Support\Facades\Hash;
  7. use App\Http\Controllers\Controller;
  9. class UpdatePasswordController extends Controller
  10. {
  11.     /**
  12.      * Update the password for the user.
  13.      *
  14.      * @param  Request  $request
  15.      * @return Response
  16.      */
  17.     public function update(Request $request)
  18.     {
  19.         // Validate the new password length...
  21.         $request->user()->fill([
  22.             'password' => Hash::make($request->newPassword)
  23.         ])->save();
  24.     }
  25. }

Verifying A Password Against A Hash

The check method allows you to verify that a given plain-text string corresponds to a given hash. However, if you are using the LoginController included with Laravel, you will probably not need to use this directly, as this controller automatically calls this method:

  1. if (Hash::check('plain-text', $hashedPassword)) {
  2.     // The passwords match...
  3. }

Checking If A Password Needs To Be Rehashed

The needsRehash function allows you to determine if the work factor used by the hasher has changed since the password was hashed:

  1. if (Hash::needsRehash($hashed)) {
  2.     $hashed = Hash::make('plain-text');
  3. }