posted 10 years ago
Authentication

I have built an application using Laravel. Yesterday I put the application live, but I have a lot of problems with the authentication. No one can log in except when they reset their password, and then it works once.

I have tested this using the following controller.

<?php

class AdminController extends \BaseController {

	public function getResetPw($id, $pw) {
		// Start password changing.
		$user = User::find($id);

		if ($user == null)
			return "No valid user";

		$user->password = Hash::make($pw);
		$user->save();

		return "Password set for " . $user->username . ". ('" . $pw . "', '" . $user->password . "')<br /><br />Check: " . Auth::attempt(array('username' => $user->username, 'password' => $pw));
	}

	public function getTestPw($id, $pw) {
		// Start password changing.
		$user = User::find($id);

		if ($user == null)
			return "No valid user";

		return Auth::attempt(array('username' => $user->username, 'password' => $pw)) . "";
	}
}

First I call the getResetPw function to set my new password, then I call getTestPw to test this. I refresh the page every second and it returns 1 about 5 times and then the auth becomes invalid, meaning I can no longer log in.

These are the routes for the above functions:

Route::get('/admin/pwreset/{id}/{pw}', 'AdminController@getResetPw')->where('id', '\d+');
Route::get('/admin/pwtest/{id}/{pw}', 'AdminController@getTestPw')->where('id', '\d+');

Could this be because of invalid characters in my encryption key? This is my encryption key (with some letters replaced): ROOzr*Dqmoense_se_emvnqmd!*tft7e

I am using apc as my session driver, no other settings have been changed in session.php

Thank you for helping.

Update: This is my post login function:

public function postLogin() {
	$message = ""; // The error message

	//Prepare to make a log
	$log = new UserLog;
	
	// Are all fields present?
	if (Input::has('txtUsername') && Input::has('txtPassword'))
	{
		$log->username = Input::get('txtUsername');
                    
		// Check the data.
		if (Auth::attempt(array('username' => Input::get('txtUsername'), 'password' => Input::get('txtPassword'))))
		{
			//Log this action
			$log->user_id = Auth::user()->id;
			$log->status = 'LoginSuccess';
			$log->save();
			
			return Redirect::intended('/user');
		}
		else
		{
			$log->status = 'LoginFailed';
			$log->save();
			
			$message = "Invalid login.";
			
			// If the username is known, let the webmasters know.
			if (User::where('username', '=', Input::get('txtUsername'))->count() > 0)
			{
				$data = array(
					"username" => Input::get('txtUsername'),
					"ip" => $_SERVER['REMOTE_ADDR'],
					"user_agent" => $_SERVER['HTTP_USER_AGENT']
				);
				Role::find(1)->sendMail(
					'Login (' . Input::get('txtUsername') . ')', 
					'emails.auth.loginAttempt', 
					$data
				);
			}
		}
	}
	else
	{
		$message = "Complete all fields.";
	}
	
	return View::make('login.login')->with('message', $message);
}
Last updated 3 years ago.
0

Sounds like an odd one. What happens if you use file based sessions?

Last updated 3 years ago.
0

To improve your code a little, add this to the User model and remove the line:

// Add this
public function setPasswordAttribute($value)
{
	$this->attributes['password'] = Hash::make($value);
}

// Remove this
$user->password = Hash::make($pw);

And for the authentication problem, could you share the code belonging to that, so we could help you with that?

Last updated 3 years ago.
0

T2theC said:

Sounds like an odd one. What happens if you use file based sessions?

I have tried all session drivers, but this didn't help.

eriktisme said: And for the authentication problem could you share the code belonging to that, so we could help you with that.

I have added the login code.

Update: I noticed that passwords get rehashed when logging in. Could it be possible that something is happening here?

Last updated 3 years ago.
0
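The last update above mentions passwords being rehashed at login. As an added example (not code from any poster in this thread, and not a confirmed diagnosis of this problem), the following plain-PHP script shows how hashing an already hashed password on save breaks later logins, and how a mutator-style setter can guard against it. `FakeUser`, `attempt()` and the sample password are hypothetical, and `password_hash()`/`password_verify()` stand in for Laravel's `Hash::make()`/`Hash::check()`.

```php
<?php
// Added example in plain PHP (no framework). password_hash()/password_verify()
// stand in for Laravel's Hash::make()/Hash::check() (assumption).
// Hypothetical stand-in for the thread's User model.
class FakeUser
{
    public $password;            // stored bcrypt hash
    public $hashOnSave = false;  // simulates a save hook that hashes blindly

    // Mutator-style setter: hash plaintext, keep an existing hash as-is.
    public function setPassword($value)
    {
        $info = password_get_info($value);
        $this->password = empty($info['algo'])
            ? password_hash($value, PASSWORD_BCRYPT)
            : $value;
    }

    // Simulated save(): with $hashOnSave the stored hash is hashed again.
    public function save()
    {
        if ($this->hashOnSave) {
            $this->password = password_hash($this->password, PASSWORD_BCRYPT);
        }
    }
}

// Simulated Auth::attempt(): verify the plaintext against the stored hash.
function attempt(FakeUser $user, $plain)
{
    return password_verify($plain, $user->password);
}

$plain = 'constructed-sample-pw'; // constructed sample value
$user = new FakeUser();
$user->setPassword($plain);
$user->save();
var_dump(attempt($user, $plain)); // login directly after the reset

// A later blind-hashing save stores a hash of the hash; the password stops verifying.
$user->hashOnSave = true;
$user->save();
var_dump(attempt($user, $plain));

// Guarded path: passing the stored hash back through the setter changes nothing.
$user2 = new FakeUser();
$user2->setPassword($plain);
$user2->setPassword($user2->password);
var_dump(attempt($user2, $plain));
```

In a Laravel application, the equivalent check is to look for any model event, mutator or login hook that calls `Hash::make()` on a value that is already a stored hash.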


jerodev jerodev Joined 20 May 2014
