Support the ongoing development of Laravel.io →
Authentication Security
Last updated 7 months ago.
0

Did you changed 'password' column name in database?

Last updated 7 months ago.
0

can you paste the code involved with getting the data and passing it to Auth::attempt

Last updated 7 months ago.
0

i didnt change 'password' coulmn name in data base!!!

doLogin Function that authenticate users is :

public function doLogin() {

    $rules = array(
        'email'    => 'required|email', 
        'password' => 'required|alphaNum' 
    );

   
    $validator = Validator::make(Input::all(), $rules);

  
    if ($validator->fails()) {
        return Redirect::to('login')
            ->withErrors($validator) // send back all errors to the login form
            ->withInput(Input::except('password')); // send back the input (not the password) so that we can repopulate the form
    } else {

        // create our user data for the authentication
        $userdata = array(
            
            'password'  => Input::get('password'),
            'email'     => Input::get('email')
        );
        


        // attempt to do the login
        if (Auth::attempt($userdata,true)) {

            // validation successful!
            // redirect them to the secure section or whatever
            // return Redirect::to('secure');
            // for now we'll just echo success (even though echoing in a controller is bad)
            //return Redirect::to('Home');
            echo 'SUCCESS!';
            echo  Auth::user()->uname;

        } else {

            // validation not successful, send back to form
            echo "string";

        

    }
}

}

Last updated 7 months ago.
0

Is the password hashed in the db ?

Last updated 7 months ago.
0

no its not hashe

Last updated 7 months ago.
0

First off: hash your passwords! Always a good idea. Second: allow for passwords to be any character, not just alphaNum.

So it's not the validator that fails, but the login attempt?

I suspect your auth.php config file specifies the right model and the model has the right table name?

Last updated 7 years ago.
0

Could you view the laracast video on this, it would really clear up some stuff.

0

You need to have the passwords hashed in the db to use Auth::attempt. It compares the hashed value.

Laravel Docs - Security - Storing Passwords

Last updated 7 years ago.
0

Well observed, @lagbox! =)

Last updated 7 years ago.
0

i hashed the password ,but my problem dont solve,

is it true my validation code after my password saved hashe? $userdata = array(

            'password'  => Input::get('password'),
            'email'     => Input::get('email')
        );
        


    
        if (Auth::attempt($userdata)) {

           
            echo 'SUCCESS!';
     

        } else {

           
            echo "Fail";
0

Might I ask how you hashed your password?

0

yes, i used $password = Hash::make(Input::get("password","")); then i saved it :$user=new User(); $user->password=$password;

0

What is the size/length of your password field in your database, it needs to be at least 60 characters to be big enough to store the hashed password. If it's too short, the hash will be incomplete and auth::attempt will never succeed.

0

its 100 character , when i hashed a password and saved in db,is not require to rehash this password and check with the users password in the login form???!!!

Last updated 7 years ago.
0

No, only hash the password when saving it to the database, don't hash it again when you try to log them in.

0

thanks my problem solve! after i hashed password and extend character of password field , my problem solved but i had a brief mistake in my code,

0

saghafi said:

thanks my problem solve! after i hashed password and extend character of password field , my problem solved but i had a brief mistake in my code,

Also, do not forget about remember_token.

http://laravel.com/docs/4.2/security

0

I am getting this error in lumen 5.6

Method Illuminate\Auth\RequestGuard::attempt does not exist.

My controller class

namespace App\Http\Controllers\Api;

use Illuminate\Http\Request;

use App\Http\Controllers\Controller;

use Illuminate\Support\Facades\Route;

use Illuminate\Support\Facades\DB;

use App\User;

use Auth;

Use Validator;

class UserController extends Controller {

//use AuthenticatesUsers;
public function login(Request $request)
{
    if(Auth::attempt(['email' => request('email'), 'password' => request('password'), 'users_status_id' => '1']))
    {
       
       // return json_encode($user);
        $request->request->add([
                                'grant_type'    => 'password',
                                'client_id'     => config('global.API_CLIENT_ID'),
                                'client_secret' => config('global.API_CLIENT_SECRET'),
                                'scope' => '*'
                               ]);

        // forward the request to the oauth token request endpoint
        $tokenRequest = Request::create('/oauth/token','post');
        return $passport_response_arr =  Route::dispatch($tokenRequest);

    }
    else{
        return response()->json(['error' => 'Unauthorised']);
    }
}

}

Last updated 4 years ago.
0

Sign in to participate in this thread!

LaraJobs

Your banner here too?

saghafi saghafi Joined 29 Sep 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2022 Laravel.io - All rights reserved.