I have built an application using Laravel. Yesterday I put the application live, but I have a lot of problems with the authentication. No one can log in except when they reset their password, and then it works once.
I have tested this using the following controller.
<?php
class AdminController extends \BaseController {

    public function getResetPw($id, $pw) {
        // Start password changing.
        $user = User::find($id);
        if ($user == null)
            return "No valid user";
        $user->password = Hash::make($pw);
        $user->save();
        return "Password set for " . $user->username . ". ('" . $pw . "', '" . $user->password . "')<br /><br />Check: " . Auth::attempt(array('username' => $user->username, 'password' => $pw));
    }

    public function getTestPw($id, $pw) {
        // Test the password against the stored hash.
        $user = User::find($id);
        if ($user == null)
            return "No valid user";
        return Auth::attempt(array('username' => $user->username, 'password' => $pw)) . "";
    }
}
First I call the getResetPw function to set my new password, then I call getTestPw to test this. I refresh the page every second and it returns 1 about 5 times and then the auth becomes invalid. Meaning I can no longer log in.
These are the routes for the above functions:
Route::get('/admin/pwreset/{id}/{pw}', 'AdminController@getResetPw')->where('id', '\d+');
Route::get('/admin/pwtest/{id}/{pw}', 'AdminController@getTestPw')->where('id', '\d+');
Could this be because of invalid characters in my encryption key? This is my encryption key (with some letters replaced): ROOzr*Dqmoense_se_emvnqmd!*tft7e
I am using apc as my session driver; no other settings have been changed in session.php.
Thank you for helping.
Update: This is my post login function:
public function postLogin() {
    $message = ""; // The error message
    // Prepare to make a log
    $log = new UserLog;
    // Are all fields present?
    if (Input::has('txtUsername') && Input::has('txtPassword'))
    {
        $log->username = Input::get('txtUsername');
        // Check the data.
        if (Auth::attempt(array('username' => Input::get('txtUsername'), 'password' => Input::get('txtPassword'))))
        {
            // Log this action
            $log->user_id = Auth::user()->id;
            $log->status = 'LoginSuccess';
            $log->save();
            return Redirect::intended('/user');
        }
        else
        {
            $log->status = 'LoginFailed';
            $log->save();
            $message = "Invalid login.";
            // If the username is known, let the webmasters know.
            if (User::where('username', '=', Input::get('txtUsername'))->count() > 0)
            {
                $data = array(
                    "username" => Input::get('txtUsername'),
                    "ip" => $_SERVER['REMOTE_ADDR'],
                    "user_agent" => $_SERVER['HTTP_USER_AGENT']
                );
                Role::find(1)->sendMail(
                    'Login (' . Input::get('txtUsername') . ')',
                    'emails.auth.loginAttempt',
                    $data
                );
            }
        }
    }
    else
    {
        $message = "Complete all fields.";
    }
    return View::make('login.login')->with('message', $message);
}
Sounds like an odd one. What happens if you use file based sessions?
To improve your code a little, add this to the User model and remove the line:
// Add this
public function setPasswordAttribute($value)
{
    $this->attributes['password'] = Hash::make($value);
}
// Remove this
$user->password = Hash::make($pw);
And for the authentication problem, could you share the code belonging to that, so we could help you with that.
T2theC said:
Sounds like an odd one. What happens if you use file based sessions?
I have tried all session drivers, but this didn't help.
eriktisme said: And for the authentication problem could you share the code belonging to that, so we could help you with that.
I have added the login code.
Update: I noticed that passwords get rehashed when logging in. Could it be possible that something is happening here?
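Added example, not code from any poster in this thread: a plain-PHP sketch of how a stored password stops verifying once an already-hashed value is hashed again, which is what happens if a hash-on-set mutator like the one suggested above is combined with an explicit hash call or with re-assigning the stored hash. DemoUser and the sample password are hypothetical, and password_hash()/password_verify() are used in place of Laravel's Hash facade; the thread does not establish that this is the cause of the behaviour reported here.

```php
<?php
// Added illustration in plain PHP (no Laravel). password_hash()/password_verify()
// stand in for Hash::make()/Hash::check(); DemoUser is a hypothetical model.
class DemoUser
{
    public $password;   // stored hash
    private $guarded;   // true: setter leaves values that are already hashes alone

    public function __construct($guarded = false) { $this->guarded = $guarded; }

    // Hash-on-set, like the setPasswordAttribute() mutator suggested in the thread.
    public function setPassword($value)
    {
        $info = password_get_info($value);
        $alreadyHashed = !empty($info['algo']); // 0 or null means "not a known hash"
        $this->password = ($this->guarded && $alreadyHashed)
            ? $value
            : password_hash($value, PASSWORD_BCRYPT);
    }

    public function check($plain) { return password_verify($plain, $this->password); }
}

$plain = 'constructed-sample-password'; // constructed sample value

// Case 1: the mutator is the only place that hashes.
$once = new DemoUser();
$once->setPassword($plain);

// Case 2: mutator plus an explicit hash at the call site, i.e. the
// Hash::make() line was kept after the mutator was added.
$twice = new DemoUser();
$twice->setPassword(password_hash($plain, PASSWORD_BCRYPT));

// Case 3: the stored hash is assigned back to the model before saving.
$resaved = new DemoUser();
$resaved->setPassword($plain);
$resaved->setPassword($resaved->password);

// Case 4: same as case 3, but the setter recognises an existing hash.
$safe = new DemoUser(true);
$safe->setPassword($plain);
$safe->setPassword($safe->password);

foreach (compact('once', 'twice', 'resaved', 'safe') as $name => $user) {
    printf("%-8s plain password verifies: %s\n", $name, var_export($user->check($plain), true));
}
```

The guard in case 4 has a trade-off: a plaintext password that itself has the shape of a bcrypt hash would be stored unhashed, so hashing in exactly one place is the cleaner fix.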