Learn how to use Laravel Hash with practical examples and ready-to-use code.
The simplest example of how to create a password hash using Laravel Hash.
use Illuminate\Support\Facades\Hash;
// Hash a password
$password = 'my-secret-password';
$hashedPassword = Hash::make($password);
// Result (example; the output differs on every call because bcrypt uses a random salt):
// $2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi
echo $hashedPassword;
How to check if a password matches a stored hash.
use Illuminate\Support\Facades\Hash;
$password = 'password-try';
$hashedPassword = '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi';
// Check if the password is correct
if (Hash::check($password, $hashedPassword)) {
    // Correct password
    echo 'Valid password!';
} else {
    // Incorrect password
    echo 'Incorrect password!';
}
Example implementation of authentication with hash verification.
use Illuminate\Support\Facades\Hash;
use App\Models\User;
// Login example
$email = $request->email;
$password = $request->password;
$user = User::where('email', $email)->first();
if ($user && Hash::check($password, $user->password)) {
    // Successful authentication
    auth()->login($user);
    return redirect('/dashboard');
}
// Same message for an unknown email and a wrong password
return back()->withErrors([
    'email' => 'Invalid credentials.'
]);
Customize the cost of the bcrypt algorithm to increase security.
use Illuminate\Support\Facades\Hash;
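// Increase the cost of bcrypt for greater security
$hashedPassword = Hash::make('password', [
    'rounds' => 12, // Default is 10
]);
// Or use Argon2 with custom settings. These options are only honoured by the
// Argon2 hashers, so select that driver explicitly (or set it in config/hashing.php).
$hashedPassword = Hash::driver('argon2id')->make('password', [
    'memory' => 1024, // in KiB
    'time' => 2,
    'threads' => 2,
]);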
Check if a hash needs to be updated to a more secure algorithm.
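use Illuminate\Auth\Events\Login;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Hash;
// Run this only after Hash::check() has succeeded, while the plaintext is available.
// Pass the same options to needsRehash() and make(); otherwise the hash is
// rewritten on every login.
$options = ['rounds' => 12];
if (Hash::needsRehash($user->password, $options)) {
    // Upgrade to more secure settings
    $user->password = Hash::make($request->password, $options);
    $user->save();
}
// Example in a login event listener
Event::listen(Login::class, function (Login $event) {
    // Rehash the submitted plaintext, never the stored hash
    $plain = request()->input('password');
    if (is_string($plain)
        && Hash::check($plain, $event->user->password)
        && Hash::needsRehash($event->user->password)) {
        $event->user->password = Hash::make($plain);
        $event->user->save();
    }
});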
Laravel Hash automatically protects against timing attacks.
use Illuminate\Support\Facades\Hash;
// Hash::check() is safe against timing attacks
// The underlying password_verify() comparison runs in constant time, regardless of the password
$userInput = 'user-password';
$storedHash = '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi';
// This check is secure against timing attacks.
if (Hash::check($userInput, $storedHash)) {
    // Authenticate user
}
// NEVER do this (vulnerable to timing attacks):
// if ($userInput === $storedHash) { ... }
// When two secret strings must be compared directly, use hash_equals().
How to securely migrate old hashes (MD5, SHA1) to bcrypt.
use Illuminate\Support\Facades\Hash;
// Secure migration of legacy hashes
$legacyHash = $user->password;
$inputPassword = $request->password;
// Check if it is a legacy hash (MD5 for example)
if (strlen($legacyHash) === 32 && ctype_xdigit($legacyHash)) {
    // Check against legacy MD5 hash; hash_equals() compares in constant time
    // and md5() returns lowercase hex, so normalize the stored value
    if (hash_equals(strtolower($legacyHash), md5($inputPassword))) {
        // Migrate to bcrypt
        $user->password = Hash::make($inputPassword);
        $user->save();
        // Authenticate user
        auth()->login($user);
    }
} else {
    // Normal verification with bcrypt
    if (Hash::check($inputPassword, $legacyHash)) {
        auth()->login($user);
    }
}
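The two upgrade paths above (rehashing on login and migrating legacy MD5) combined into one routine, as an added example that is not part of the original page. It uses PHP's native password_* functions, which Laravel's bcrypt hasher wraps, so it runs without a framework; verifyAndUpgrade, TARGET_OPTIONS and the sample records are hypothetical names and constructed data.

```php
<?php
// Added example; names are hypothetical. Target cost matches the page's 'rounds' => 12.
const TARGET_OPTIONS = ['cost' => 12];

/**
 * Verify $plain against $stored.
 * Returns [bool $ok, ?string $newHash]; $newHash is set when the caller
 * should overwrite the stored value with it.
 */
function verifyAndUpgrade(string $plain, string $stored): array
{
    // Legacy unsalted MD5: exactly 32 hex characters (a bcrypt hash has 60).
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {
        // hash_equals() is constant-time; md5() always emits lowercase hex.
        if (!hash_equals(strtolower($stored), md5($plain))) {
            return [false, null];
        }
        return [true, password_hash($plain, PASSWORD_BCRYPT, TARGET_OPTIONS)];
    }
    if (!password_verify($plain, $stored)) {
        return [false, null];
    }
    // Correct password, but hashed with an older cost or algorithm.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, TARGET_OPTIONS)) {
        return [true, password_hash($plain, PASSWORD_BCRYPT, TARGET_OPTIONS)];
    }
    return [true, null];
}

// Constructed sample records, not real user data.
$records = [
    'legacy md5'     => md5('correct-password'),
    'bcrypt cost 10' => password_hash('correct-password', PASSWORD_BCRYPT, ['cost' => 10]),
    'bcrypt cost 12' => password_hash('correct-password', PASSWORD_BCRYPT, TARGET_OPTIONS),
];
foreach ($records as $label => $stored) {
    [$ok, $new] = verifyAndUpgrade('correct-password', $stored);
    [$wrongOk] = verifyAndUpgrade('wrong-password', $stored);
    // An upgraded hash must verify and must not ask for another rehash.
    if ($new !== null && (!password_verify('correct-password', $new)
        || password_needs_rehash($new, PASSWORD_BCRYPT, TARGET_OPTIONS))) {
        throw new RuntimeException("upgrade failed for $label");
    }
    printf("%-15s ok=%s wrong=%s upgraded=%s\n", $label, var_export($ok, true),
        var_export($wrongOk, true), var_export($new !== null, true));
}
```

The caller persists `$newHash` only when `$ok` is true, so a failed attempt never rewrites the stored value.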
How to mock the Hash facade in Laravel unit tests.
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;
class UserRegistrationTest extends TestCase
{
    public function test_user_can_register()
    {
        // Mock the Hash facade
        Hash::shouldReceive('make')
            ->once()
            ->andReturn('hashed-password');
        $response = $this->post('/register', [
            'name' => 'John Doe',
            'email' => 'john@example.com',
            'password' => 'password',
            'password_confirmation' => 'password',
        ]);
        $response->assertRedirect('/home');
        $this->assertDatabaseHas('users', [
            'email' => 'john@example.com',
            'password' => 'hashed-password',
        ]);
    }
}
Testing password verification functionality in your controllers.
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;
use App\Models\User;
class LoginTest extends TestCase
{
    public function test_user_can_login_with_correct_credentials()
    {
        $user = User::factory()->create([
            'password' => Hash::make('correct-password'),
        ]);
        $response = $this->post('/login', [
            'email' => $user->email,
            'password' => 'correct-password',
        ]);
        $response->assertRedirect('/dashboard');
        $this->assertAuthenticatedAs($user);
    }

    public function test_user_cannot_login_with_incorrect_password()
    {
        $user = User::factory()->create([
            'password' => Hash::make('correct-password'),
        ]);
        $response = $this->post('/login', [
            'email' => $user->email,
            'password' => 'wrong-password',
        ]);
        $response->assertSessionHasErrors('email');
        $this->assertGuest();
    }
}
Start implementing secure hashing in your Laravel projects today.