Support the ongoing development of Laravel.io →
Authentication Security Requests
Last updated 2 years ago.
0

Your csrf token might be refreshing with every page view. Can you double check that?

0

thomastkim said:

Your csrf token might be refreshing with every page view. Can you double check that?

Thank you for the reply! How would I do that? I'm sorry but I'm pretty new to this :P

0

This line of code {!! csrf_field() !!} generates a hidden input field with a randomized value. That value is your csrf token. It should regenerate every session (not every page view), but some people have complained about it regenerating every page view. You should see it in your source code / HTML. Open the page. Take a look at the token (right-click, inspect element). Refresh it and see if it changes.

Last updated 9 years ago.
0

thomastkim said:

This line of code {!! csrf_field() !!} generates a hidden input field with a randomized value. That value is your csrf token. It should regenerate every session (not every page view), but some people have complained about it regenerating every page view. You should see it in your source code / HTML. Open the page. Take a look at the token (right-click, inspect element). Refresh it and see if it changes.

The token remained the same after I refreshed the login view.

0

Okay. First thing you need to do is put your error message inside your body. There should not be anything between your head and body.

Second thing you need to do is assign a name to your password input.

<input type="password" placeholder="Password" id="password" name="password">
0

thomastkim said:

Okay. First thing you need to do is put your error message inside your body. There should not be anything between your head and body.

Second thing you need to do is assign a name to your password input.

<input type="password" placeholder="Password" id="password" name="password">

Thank you for your response! I've done the changes you said but the same error still persists. My login page still reloads after clicking submit.

0

Are you using the default AuthController? If so, it expects the user to submit an email and not a username. If you want the user to login with a username, then you need to add this in your AuthController.

    protected $username = 'username';
0

Thank you for your response! I've added that line into my AuthController like so:

class AuthController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Registration & Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users, as well as the
    | authentication of existing users. By default, this controller uses
    | a simple trait to add these behaviors. Why don't you explore it?
    |
    */

    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    protected $redirectPath = '/registered';
    protected $loginPath = '/fail';
    protected $name = 'name';
    /**
     * Create a new authentication controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest', ['except' => 'getLogout']);
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param  array  $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|confirmed|min:6',
        ]);
    }

    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return User
     */
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }
}

Is this correct? I've changed it to 'name' instead of 'username' because the column in my database is called 'name'. Also, I've made changes to the login.blade.php too, changing the field name of 'username' into 'name' like so:

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>TERMS</title>

    <link href="{!! asset('css/style.css') !!}" media="all" rel="stylesheet" type="text/css" />
</head>


<body>
    <ul>
    @foreach($errors->all() as $error)
        <li>{{ $error }}</li>
    @endforeach
</ul>
    <div class="wrapper">
        <div class="container">
            <h1>TERMS</h1>

            <form class="form" method="POST" action="/auth/login">
                {!! csrf_field() !!}
                <input type="text" placeholder="Username" name="name" id="name">
                <input type="password" placeholder="Password" id="password" name="password">
                <button type="submit">Login</button>
            </form>
        </div>
    
    <ul class="bg-bubbles">
        <li></li>
        <li></li>
        <li></li>
        <li></li>
        <li></li>
        <li></li>
        <li></li>
        <li></li>
        <li></li>
        <li></li>
    </ul>        
    </div>

However, the same problem still persists :( I really appreciate your input thus far though :)

0

Change it to:

protected $username = 'name';
0

thomastkim said:

Change it to:

protected $username = 'name';

OH MY GOD IT WORKED! THANK YOU SO MUCH!! YOU HAVE NO IDEA HOW MUCH THIS MEANS TO ME:D:D:D THANK YOU AGAIN!

0

Hey @thomastkim...you are great!!

protected $username = 'name';

This line solved my issue too..Thank you very much

0

thomastkim said:

Change it to:

protected $username = 'name';

thank u very much my friend

0

Sign in to participate in this thread!

Eventy

Your banner here too?

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.