php – Is Laravel's security feature unsafe?

I am a junior developer of web applications. I do not know much about Laravel. But I have been building a web application using the ASP.NET stack. From what I have understood, many security experts do not recommend the MD5 to secure any application.

My senior PHP developer has started a new project with Laravel and decided do not use Laravel's security function in explaining the reason why so many developers are using Laravel's framework. For that reason, think that the Lavavel Security feature is not secure enough because anyone can discover the security hole. I do not agree with him.

I opposed your decision to use MD5 to create custom authentication and a custom session and middleware for authorization and I think it is not as secure as the Laravel security feature.

So, here is the way in which authentication is handled. When a user is registering, enter the user name and password with MD5 and store them in a table. For authentication, the user enters the user name and password with MD5 and makes a selection statement to compare.

Here is the code for authentication and storage of authentication information and roles in the session:

validate([
      'username' => 'required',
      'password' => 'required',
    ]);

$ username = md5 ($ request-> username);
$ upass = md5 ($ request-> password);

$ employee = DB :: table (& # 39; employee & # 39;)
-> select (& # 39; uuid & # 39 ;, & # 39; login_username & # 39 ;, & # 39; title & # 39 ;,
& # 39; given_name & # 39 ;, & # 39; last name & # 39;)
-> where ([
      ['login_username_encrypt', '=', $user_name],
      ['password', '=', $upass ]
    ]) -> first ();

$ employee_priv = DB :: table (& # 39; employee_privilege & # 39;)
-> where ([
      ['employee_uuid', '=', $employee->uuid]
    ]) -> first ();

yes ($ employee) {
// create session for the connected user
$ user_name = $ employee-> given_name. & # 39; & # 39; $ employee-> last name;

// construction privilege
$ privilegil. = "- $ employee_priv-> manager";
$ privilegil. = "- $ employee_priv-> saleperson";
$ privilegil. = "- $ employee_priv-> secretary";


// set session data
$ user_name = $ employee-> given_name. & # 39; & # 39; $ employee-> last name;
session(['isLoggedIn' => TRUE]);
session(['uuid' => $employee->uuid]);
session(['user_name' => $user_name]);
session(['emp_privilege' => $privilege]);

return redirection (& # 39; dashboard & # 39;);
} else {
return redirect (& # 39; login & # 39;)
-> with (& # 39; login_failed & # 39 ;, & # 39; Your username or password is wrong, try again. & # 39;);
}
}

public function logout () {
session () -> flush ();
return redirect (& # 39; login & # 39;);
}

public function resetPassword () {
return view (& # 39; resetPassword & # 39;);

}

}

My question is: Is not Laravel's safety really safe as he thinks? Is your personalized authentication and authorization better than Laravel Security?