I followed this tutorial to create dynamic email settings stored on db.
https://kayike.medium.com/enable-unique-and-dynamic-smtp-mail-settings-for-each-user-laravel-48e320d381ec
The only problem is that the password is not encrypted. I would like to encrypt it before storing on db and decrypt it before using on MailServiceProvider.
I tried to use bcrypt but it can't be de-crypted. Any suggestions?
Thanks
see the docs for encryption: https://laravel.com/docs/8.x/encryption
encrypting password:
$encrypted = crypt::encryptString($password);
//store this to database
decrypting password:
$decrypted_password = crypt::decryptString($encrypted);
//use this for mailer settings
Note: don't forget to use namespace Illuminate\Support\Facades\Crypt;
in the controller
Additional Note for bcrypt:
encryption-decryption is different than hashing, bcrypt is a hashing formula which can't be decrypted (one way process).
Related
I have default auth implemented in Laravel 7 and works like a charm.
However, I have a very peculiar requirement wherein, the password shouldn't even travel in plain text although SSL is implemented on network.
One way would be to handle it via javascript on login page wherein I encrypt the value of password and send the same to server and then decrypt the same in php before handing it to laravel attemptLogin method.
However, I am not so sure about this approach.
Any help would be awesome.
Solution:
On client side, used crypt.js/aes.min.js and encrypted the password using a key and iv.
In login controller, overrode credentials method and decrypted using openssl_decrypt before passing on to hash check.
This is already discussed on this answer:
It is standard practice to send "plaintext" passwords over HTTPS. The
passwords are ultimately not plaintext, since the client-server
communication is encrypted as per TLS.
And this one:
If you hash on the client side, the hashed password becomes the actual
password (with the hashing algorithm being nothing more than a means
to convert a user-held mnemonic to the actual password).
This means that you will be storing the full "plain-text" password
(the hash) in the database, and you will have lost all benefit of
hashing in the first place.
You may also read this answer for more security options.
I solved it as below:
On client side, used crypt.js/aes.min.js and encrypted the password using a key and iv.
In login controller, overrode credentials method and decrypted using openssl_decrypt before passing on to hash check.
I have a a property stored unencrypted and I'd like to implement that going forward this specific property is encrypted when it's saved. It's also going to be unencrypted when presented in a blade view.
My question is: is the APP_KEY the only thing that's unique that's used for Laravel's Crypt facade?
In other words: if I take the unencrypted values from production, encrypt them locally with the same APP_KEY and then put them back in the prod database, will I be able to then decrypt them successfully on the production server?
As long as you use the same APP_KEY on both (various) systems you should be able to en-/decrypt your data successfully.
if I take the unencrypted values from production, encrypt them locally with the same APP_KEY and then put them back in the prod database, will I be able to then decrypt them successfully on the production server
Yes.
You can see this, when getting the Encrypter service, that it injects the config key / APP_KEY here via calling the parseKey method.
So when calling the encrypt method it already has the application key, $this->key, ready to be applied.
I need my users to use their laravel's account password in another nginx server (for http authentication) which uses crypt encription. How can I do this conversion? Is that even possible?
Encrypting passwords is bad practice since it's reversible. Always store them in an irreversible format, e.g. hashes.
If you still want to encrypt the passwords, you should write a custom user provider.
Laravel 5.0
I want to encrypt some data in the database using not only the application key but also the users password or any other string that HE will provide.
The reason is that i want only him to be able to decrypt the data.
How would i go about it?
-Use Javascript and encrypt the password locally and then send it to the server?
or
-Send the text that user enters directly to the server?
All traffic will be upon HTTPS
// Encrypt
$key = md5(Config::get('app.key') . $userString);
Crypt::setKey($key);
$encypted = Crypt::encrypt($input);
// decrypt
$key = md5(Config::get('app.key') . $userString);
Crypt::setKey($key);
$decypted = Crypt::decrypt($encypted);
I am new to magento.
In my site, I want to create new profile module.
In my new module have like this fields also
current password
new password
confirm new password.
By default the password stored encrypt password like this 24d2f566950ed1af94c01d1ec5ce0f48:2e.
My Question is How to encrypt password like this in magento?
To get a password hash like Magento does it you can use the Encryption model in Core like so:
$password = 'test';
$encrypted = Mage::getSingleton('core/encryption')->getHash($password);
If you'd like to validate the encrypted value with the plain password you can do so using the same model:
Mage::getSingleton('core/encryption')->validateHash($password, $encrypted);
Replace encpt password in database "admin_user" table with all default setting:
temp password: admin123#
encpt password: 3bfea6f5ac1c57c3ce9a9165338cbc5c:CA1Byy3NifFoWVhjBxI3mD2bgAnj4qn7
sometime it does not work on Chrome:
http://www.customerparadigm.com/easy-fix-for-chrome-magento-admin-login/
Thanks