php laravel hash laravel-4 password-protection

Can't get Laravel registration form to store passwords with a hash


Laravel stores the username and email ok, but doesn't save anything for the password field when I add the hash function. My controller code:

public function store()
{
    $data = Input::only(['username','email','password' => Hash::make('password')]);

    $newUser = User::create($data);

    if($newUser)
    {
        Auth::login($newUser);
        return Redirect::route('profile');
    }
    return Redirect::route('user.create')->withInput();
}

With this code the database field for password is simply left blank after registering a new user. Plaintext password inserts ok once I remove the hash function. Passwords need to be stored in a hashed form after users submit their info. When I seed the database with artisan, the hash function works fine, but not when I use it in controller logic. Can someone help please?

EDIT: In User.php

protected $fillable = ['username','email','password'];

Solution

  • Okay, so besides the fact that the code you have above won't work, you're going about this the wrong way.

    Firstly, the method you're trying to do would be:

    $input = Input::only(['username', 'email', 'password']);
    $input['password'] = Hash::make($input['password']);
    

    The approach you have of setting the value in only won't work, and besides that, you have Hash::make('password') which will make a hash of 'password' every time, not the variable, but the word. Input::only() accepts an array of field names to return, so it uses the values of the array, not the key. The array ['password' => Hash::make('password')] has the value of the hash of the word password, not 'password'.

    The best approach would be like this:

    $input = Input::only(['username', 'email', 'password']);
    $user = User::create($input);
    

    Then, within your User model you have:

    public function setPasswordAttribute($value)
    {
        $this->attributes['password'] = Hash::make($value);
    }
    

    This means that you don't have to bother with hashing, and can trust that the model will do it for you.

    Also, if memory serves, Auth::login() accepts an integer, not a model, so it'd be Auth::login($newUser->id) to log in the user who just registered, although I would highly recommend some sort of validation/activation via email.
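
The difference between the question's call and the answer's, as an added example that is not part of the original post or of Laravel: plain PHP with no framework dependency. `only_fields()` and `DemoUser` are hypothetical stand-ins for `Input::only()` and the `User` model, and `password_hash()` stands in for `Hash::make()`.

```php
<?php
// Constructed form input standing in for the submitted registration request.
$request = ['username' => 'alice', 'email' => 'alice@example.test', 'password' => 'correct horse'];
// Hypothetical stand-in for Input::only(): fields are chosen by the array's VALUES.
function only_fields(array $input, array $names): array
{
    $out = [];
    foreach ($names as $name) {
        $out[$name] = $input[$name] ?? null;
    }
    return $out;
}

// Hypothetical minimal model; setPassword() plays the role of setPasswordAttribute().
final class DemoUser
{
    private const FILLABLE = ['username', 'email', 'password'];
    public $attributes = [];
    public static function create(array $data): self
    {
        $user = new self();
        // Mass assignment keeps only fillable keys, so unknown keys are dropped silently.
        foreach (array_intersect_key($data, array_flip(self::FILLABLE)) as $key => $value) {
            if ($key === 'password') {
                $user->setPassword((string) $value);
            } else {
                $user->attributes[$key] = $value;
            }
        }
        return $user;
    }
    public function setPassword(string $plain): void
    {
        // Refuse to store a hash of an empty string as if it were a real credential.
        if ($plain === '') {
            throw new InvalidArgumentException('password must not be empty');
        }
        $this->attributes['password'] = password_hash($plain, PASSWORD_BCRYPT);
    }
}

// Question's pattern: the third VALUE is a bcrypt string, so no 'password' field is requested.
$hashOfLiteral = password_hash('password', PASSWORD_BCRYPT);
$buggy = DemoUser::create(only_fields($request, ['username', 'email', 'password' => $hashOfLiteral]));
var_dump(isset($buggy->attributes['password']));

// Answer's pattern: request the plain field names and let the model do the hashing.
$fixed = DemoUser::create(only_fields($request, ['username', 'email', 'password']));
var_dump(password_verify('correct horse', $fixed->attributes['password']),
         $fixed->attributes['password'] !== $request['password']);
```

Run with `php` on the command line: the first dump shows whether the question's pattern stored any password, and the second shows that the stored value verifies against the submitted password without being equal to it.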