Anik Anik - 2 months ago 8
PHP Question

md5 hashed password pass to JWTAuthentication credential variable

I am trying to use JWTAutnetication to create restful api.
Following code gets the request input fields

//Step1:
$credentials = $request->only('email', 'password');


Password needs to be hashed using md5 as this is how it is stored inside the db.

//Step2:
$token = JWTAuth::attempt($credentials)


This is giving error as it can not match the password stored in db. So I am guessing if I can encrypt the password on step 1 , step 2 will be able to authenticate.

How to pass md5 encrypted variable inside $credential variable?

Answer

I'm not sure what the only method is returning, but I'm assuming it's an associative array. You can use php's built in md5 method. Probably something like:

$credentials['password'] = md5($credentials['password']);

If you have control over the hashing algorithm however you may consider changing to something other than md5, such as bcrypt which php also supports out of the box since 5.5 with the password_hash function. MD5 is vulnerable to things like key collision attacks and bcrypt has some nice features such as a work factor that can make it much more difficult to brute force.

Comments