Try to bypass it in a number of ways. Plus, see https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet
My problem is that my login doesn't work and I can't understand why.
Here's my auth controller, which works. Does yours look something like this?
<?php namespace App\Http\Controllers\Auth;
use Illuminate\Http\Request;
use App\Http\Requests\RegisterRequest;
use App\Http\Controllers\Controller;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Contracts\Auth\Registrar;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
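class AuthController extends Controller {

    /*
    |--------------------------------------------------------------------------
    | Registration & Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users, as well as the
    | authentication of existing users. By default, this controller uses
    | a simple trait to add these behaviors. Why don't you explore it?
    |
    */

    use AuthenticatesAndRegistersUsers;

    /**
     * Create a new authentication controller instance.
     *
     * @param  \Illuminate\Contracts\Auth\Guard  $auth
     * @param  \Illuminate\Contracts\Auth\Registrar  $registrar
     * @return void
     */
    public function __construct(Guard $auth, Registrar $registrar)
    {
        $this->auth = $auth;
        $this->registrar = $registrar;

        // Every action except logout is restricted to visitors who are not signed in.
        $this->middleware('guest', ['except' => 'getLogout']);
    }

    /**
     * Show the registration form.
     *
     * @return mixed the rendered 'auth.register' view
     */
    public function getRegister()
    {
        return \View::make('auth.register');
    }

    /**
     * Create the account, sign the new user in and send them to 'pets'.
     *
     * The request has already passed RegisterRequest's rules when this runs.
     *
     * @param  \App\Http\Requests\RegisterRequest  $request
     * @return mixed redirect to 'pets'
     */
    public function postRegister(RegisterRequest $request)
    {
        // Copy the two expected fields one by one instead of passing
        // $request->all() to the model, so extra posted fields never reach it.
        $user = new \App\User();
        $user->userid = $request->input('userid');

        // Only the hash is stored; the plain password is never written anywhere.
        $user->password = \Illuminate\Support\Facades\Hash::make($request->input('password'));
        $user->save();

        $this->auth->login($user);

        return redirect('pets');
    }

    /**
     * Show the login form.
     *
     * @return mixed the rendered 'auth.testview' view
     */
    public function getLogin()
    {
        return view('auth.testview');
    }

    /**
     * Check the submitted credentials and sign the user in.
     *
     * No debug output is echoed here: echoing the userid put an unescaped,
     * user-chosen value into the response, and a failed attempt ended in a
     * bare text page with no response object. Use the log for tracing instead.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return mixed redirect to 'pets' on success, back to the login form on failure
     */
    public function postLogin(Request $request)
    {
        $this->validate($request, [
            'userid' => 'required', 'password' => 'required',
        ]);

        $credentials = $request->only('userid', 'password');

        if ($this->auth->attempt($credentials))
        {
            return redirect('pets');
        }

        // Record the failure for later review. The submitted values are left out
        // on purpose: people do type passwords into the user field by mistake.
        \Illuminate\Support\Facades\Log::warning('Failed login attempt', ['ip' => $request->ip()]);

        // One message for every failure, so the form does not reveal whether the
        // userid exists. Only the userid is flashed back, never the password.
        // '/auth/login' is assumed to be this application's login route - adjust if it differs.
        return redirect('/auth/login')
            ->withInput($request->only('userid'))
            ->withErrors([
                'userid' => 'These credentials do not match our records.',
            ]);
    }

    /**
     * Sign the current user out and return to the home page.
     *
     * @return mixed redirect to '/'
     */
    public function getLogout()
    {
        $this->auth->logout();

        return redirect('/');
    }
}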
My RegisterRequest file
<?php namespace App\Http\Requests;
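class RegisterRequest extends Request {

    /**
     * Get the validation rules that apply to the request.
     *
     * The previous rule set only required both fields to be present, which
     * accepted a userid that was already taken and a one-character password.
     *
     * @return array
     */
    public function rules()
    {
        return [
            // Login looks the account up by userid, so two rows with the same
            // value would make that lookup ambiguous.
            // Assumes App\User is stored in the `users` table with a `userid`
            // column - TODO confirm against the migration.
            'userid' => 'required|unique:users,userid',

            // Same minimum length as the earlier e-mail based rule set. That set
            // also used `confirmed`; add it once the form posts a
            // password_confirmation field.
            'password' => 'required|min:8',
        ];
    }

    /**
     * Determine if the user is authorized to make this request.
     *
     * Always true: this request carries no authorization check of its own.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }
}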
You need all the use statements at top.
lovePizza said:
How can I debug the authentication?
Make use of the Log facade (Illuminate\Support\Facades\Log).
use Illuminate\Support\Facades\Log;
/**
 * Placeholder showing where a debug log call sits inside authentication code.
 *
 * Relies on the Log facade (Illuminate\Support\Facades\Log) being imported.
 */
function myAuthentication()
{
// Doing some stuff
// Writes a debug-level entry to the application log. Log outcomes and
// identifiers here, not raw passwords or tokens.
Log::debug('Log something');
// Doing some more stuff
}
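You'll find your log in the storage/logs folder. When you debug authentication this way, log the outcome of each step rather than the submitted password, because the log file is plain text and usually readable by more people than the users table. More about logging: http://laravel.com/docs/5.0/errors#logging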
Regards MightyM