"""Have I gone about it in a ridiculous way?"""

Kind of, laravel has a built in auth method so no need to query the DB directly like that. There is a better way

Just so you know.... Your method likely won't find a user because you are checking the plain text version of the password as the user enters it into a form and comparing it to, what I hope, is an encrypted password stored in the DB.

The better way is to use the built in auth method.

public function authUser() {
  if(Auth::attempt(array('email' => Input::get('email'), 'password' => Input::get('password')), true)) {
    return Redirect::intended('home')->with('message', 'Login Success');
  } else {
    return Redirect::route('login')->with('message', 'Login Failed');
  }
}

Thanks for your reply, IanSirkit.

"[...]what I hope, is an encrypted password stored in the DB."

Unfortunately not - all passwords are plaintext (it goes without saying, I've inherited an absolute mess).

That's the next thing on my list to sort but at the moment I'm just trying to get everything working so I can then go back and improve wherever possible.

So, thank you very much for the advice with Auth, but it won't work in this case unfortunately.