Support the ongoing development of Laravel.io →
Authentication Security Laravel
Last updated 3 months ago.
0

It is always a better practice to create your own code for authentication/ registration as you will need to make some alterations in flow of authentication which will get over-written when you update/upgrade laravel application. I Prefer to create controllers inside Auth to handle my Login and Registration. I am pasting a code snippet for Login along with routes for better understanding.

Route::get('login', 'Auth\[email protected]');

Route::post('login', 'Auth\[email protected]');

Route::get('logout', 'Auth\[email protected]');

    
 <?php

    namespace App\Http\Controllers\Auth;

    use App\Http\Controllers\Controller;
    use Illuminate\Foundation\Auth\AuthenticatesUsers;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;

    class LoginController extends Controller
    {
        /*
        |--------------------------------------------------------------------------
        | Login Controller
        |--------------------------------------------------------------------------
        |
        | This controller handles authenticating users for the application and
        | redirecting them to your home screen. The controller uses a trait
        | to conveniently provide its functionality to your applications.
        |
        */

        use AuthenticatesUsers;

        /**
         * Where to redirect users after login.
         *
         * @var string
         */
        protected $redirectTo = '/home';

        /**
         * Create a new controller instance.
         *
         * @return void
         */
        public function __construct()
        {
          $this->middleware('guest')->except('logout');
        }

        public function showLoginForm()
        {
          return view('auth.login');
        }
        public function login(Request $request)
        {
          if (Auth::attempt(
           ['email' => $request['email'],
           'password' => $request['password'],
           ], 1)) {
            return redirect('home');
               
        } else {
          return redirect('login')->with('message', 'Login Failed');
        }
      }

      public function logout(Request $request)
      {
        $this->guard()->logout();

        $request->session()->flush();

        $request->session()->regenerate();

        return redirect('/login');
      }
    }


Last updated 4 years ago.
0

Thanks for the answer,

i have an auth controller as you describe my problem is, that Auth::attempt checks the same database table for the username/email and password, but i need the username and the password in two seperated tables.

0

In that case try doing it with DB OR Models by joining two tables where you have stored username and password stored. Check if that combination exist. I am considering that you have a user table where users are stored and a password table which has username/id as foreign key from user table. A sample query may look like.

$user=DB::table('users')::join('password','password.username','users.username')
->where('username',$request->input('username'))
->where('password',$request->input('password'))
->first();

if user object is empty then user is not autheniticated other you can log in the user using login function of Auth class. Auth::login($user);

0

Okay thank you, i will give this a try.

0

Sign in to participate in this thread!

LaraJobs

Your banner here too?

Marcel Wirtz Marcel Wirtz pyr0t0n Joined 1 Sep 2017

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

© 2022 Laravel.io - All rights reserved.