I have build an application using laravel. Yesterday I have put the application live, but I have a lot of problems with the authentication. No one can login except when they reset their password, and then it works once.
I have tested this using the following controller.
<?php
class AdminController extends \BaseController {
public function getResetPw($id, $pw) {
// Start password changing.
$user = User::find($id);
if ($user == null)
return "No valid user";
$user->password = Hash::make($pw);
$user->save();
return "Password set for " . $user->username . ". ('" . $pw . "', '" . $user->password . "')<br /><br />Check: " . Auth::attempt(array('username' => $user->username, 'password' => $pw));
}
public function getTestPw($id, $pw) {
// Start password changing.
$user = User::find($id);
if ($user == null)
return "No valid user";
return Auth::attempt(array('username' => $user->username, 'password' => $pw)) . "";
}
}
First I cal the getResetPw function to set my new password, then I call getTestPw to test this. I refresh the page every second and it returns 1 about 5 times and then the auth becomes invalid. Meaning I can no longer login.
These are the routes for the above functions:
Route::get('/admin/pwreset/{id}/{pw}', 'AdminController@getResetPw')->where('id', '\d+');
Route::get('/admin/pwtest/{id}/{pw}', 'AdminController@getTestPw')->where('id', '\d+');
Could this be because of invalid characters in my encryption key? This is my encryption key (with some letters replaced): ROOzr*Dqmoense_se_emvnqmd!*tft7e
I am using apc as my session driver, no other settings have been changed in session.php
Thank you for helping.
Update: This is my post login function: public function postLogin() { $message = ""; // The errormessage
//Prepare to make a log
$log = new UserLog;
// Are all fields present?
if (Input::has('txtUsername') && Input::has('txtPassword'))
{
$log->username = Input::get('txtUsername');
// Check the data.
if (Auth::attempt(array('username' => Input::get('txtUsername'), 'password' => Input::get('txtPassword'))))
{
//Log this action
$log->user_id = Auth::user()->id;
$log->status = 'LoginSuccess';
$log->save();
return Redirect::intended('/user');
}
else
{
$log->status = 'LoginFailed';
$log->save();
$message = "Invalid login.";
// If the username is known, let the webmasters know.
if (User::where('username', '=', Input::get('txtUsername'))->count() > 0)
{
$data = array(
"username" => Input::get('txtUsername'),
"ip" => $_SERVER['REMOTE_ADDR'],
"user_agent" => $_SERVER['HTTP_USER_AGENT']
);
Role::find(1)->sendMail(
'Login (' . Input::get('txtUsername') . ')',
'emails.auth.loginAttempt',
$data
);
}
}
}
else
{
$message = "Complete all fields.";
}
return View::make('login.login')->with('message', $message);
}
Sounds like an odd one. What happens if you use file based sessions?
To improve your code a little add this to the User model and remove the line
// Add this
public function setPasswordAttribute($value)
{
$this->attributes['password'] = Hash::make($value);
}
// Remove this
$user->password = Hash::make($pw);
And for the authentication problem could you share the code belonging to that, so we could help you with that.
T2theC said:
Sounds like an odd one. What happens if you use file based sessions?
I have tried all session drivers, but this didn't help.
eriktisme said: And for the authentication problem could you share the code belonging to that, so we could help you with that.
I have added the login code.
Update: I noticed that passwords get rehashed when logging in. Could it be possible that something is happening here?
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast