Laravel/Lumen comes with a Hash facade that provides secure Bcrypt and Argon2 hashing for storing user passwords.
The default Laravel Login and Register controllers use Bcrypt for authentication.
Let’s take a look at the basic implementation:
<?php
namespace App\Http\Controllers;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
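class UserController extends Controller
{
    /**
     * Update the password for the authenticated user.
     *
     * Only the output of Hash::make() is persisted; the plaintext is never stored.
     *
     * NOTE(review): this action does not ask for the current password and applies
     * no length or complexity policy. Confirm both are enforced elsewhere
     * (middleware, form request) before exposing this route.
     *
     * @param  Request  $request
     * @return array|null  An error array when the request cannot be honoured, otherwise nothing.
     */
    public function update(Request $request)
    {
        $user = $request->user();

        // Without an authenticated user there is no account to update.
        if ($user === null) {
            return ['error' => 'unauthenticated'];
        }

        $newPassword = $request->input('newPassword');

        // A missing or non-string value must not reach Hash::make(): hashing an
        // absent field would leave the account with a password nobody chose.
        if (!is_string($newPassword) || $newPassword === '') {
            return ['error' => 'invalid password'];
        }

        $user->fill([
            'password' => Hash::make($newPassword),
        ])->save();
    }

    /**
     * Check a submitted password against the stored hash.
     *
     * Hash::check() returns true when the plaintext matches the hash, so the
     * error is returned when it does NOT match.
     *
     * @param  Request  $request
     * @return array  Empty on success, ['error' => 'unauthenticated'] otherwise.
     */
    public function check(Request $request)
    {
        // NOTE(review): User is not imported in this file; add a `use` line for
        // the application's User model. The address below is a fixed example
        // value; a real login would take it from the request.
        $user = User::where('email', '=', 'hello@email.com')->first();

        $candidate = $request->get('password');

        // An unknown account and a wrong password get the same answer, so the
        // response does not reveal which accounts exist.
        if (!$user || !is_string($candidate) || !Hash::check($candidate, $user->password)) {
            return ['error' => 'unauthenticated'];
        }

        return [];
    }
}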