8

i am using laravel manual authentication system.Submitting the form redirects to this route shown below.And in the authenticate () function the name and password never matches to which i stored earlier. i.e. Auth::attempt is always false.

 Route::post('/logintest', 'mycontroller@authenticate');
    Route::get('/home', ['middleware' => 'auth', function() {
  echo "home page";});
}]);

authenticate function:

public function authenticate(Request $request)
         {
            $input=$request->all();
            $password=$input['password'];
            $name=$input['name'];

            if (Auth::attempt(['Name' => $name, 'Password' => $password]) ){
            return redirect()->intended('/home');
        }   else 
          {
                return redirect('/login')->with('message','Error logging in!');
            }
        }

I've registered the user this way. the password is hashed using bcrypt(). function. but in authenticate() function i am comparing with plain password. i somewhere read Auth automatically handles it. OR Is there something should i change in config/auth.php because i've used name to authenticate instead of username? 

public function register(Request $request)
{
    $input=$request->all();
    $password=bcrypt($input['password']);
    $name=$input['name'];
    $insert= User::insert(['Name'=>$name,'Password'=>$password]);
    return redirect('/login')
            ->with('message','successfully Registered.');
}
micky
  • 277
  • 1
  • 13
  • 39

9 Answers9

5

There is a problem with the names. Auth@attempt takes all those credentials, except password (case sensitive), that you pass in that array and runs a where query (This is how you can add extra constraints to the attempt, as they are just where conditions). If it finds a model it then will do a hash check on the password credential (case sensitive) you passed and the model's hashed password which it gets from $model->getAuthPassword().

This field in the credentials is a special one as it is what Auth needs so it knows what field in the credentials is meant to be the password. It does not correlate directly to the field you have used on your users table, and must be named password in the credentials array. The other fields in the credentials you pass, besides 'password', do correlate directly to the fields on the users table as they are conditions for a database query on that table.

You have to declare in your User model if you are using a field other than 'password' on the table as the password. In your case you are using 'Password'. (this is all case sensitive)

class User ....
{
    ...
    public function getAuthPassword()
    {
        return $this->Password; // case sensitive
    }
    ...
}

When passing the credentials you pass the plain text password as there will be a hash_check happening, not a direct comparison.

You can name the fields what ever you want on your actual table, you just have to make Eloquent aware of this.

lagbox
  • 48,571
  • 8
  • 72
  • 83
4

Check the code below

public function authenticate(Request $request)
{
     $password = $request->input('password');
     $name = $request->input('name');

     if (Auth::attempt(['name' => $name, 'password' => $password]) )
     {
          return redirect()->intended('/home');
     }   
     else 
     {
          return view('login')->withErrors('Error logging in!');
     }
 }
Javid Aliyev
  • 436
  • 4
  • 11
  • found that the `Auth::attempt` is false because of wrong password. I have used bcrypt() while registering users. `$password=bcrypt($input['password']);` how can i use it here to access? – micky May 17 '16 at 07:25
  • 1
    $password = Input::get('password'); $hashed = Hash::make($password); – Javid Aliyev May 17 '16 at 07:35
  • can you write the code here? i dont know what do you do – Javid Aliyev May 17 '16 at 07:57
  • Where is the code? Do you upload the blade and controller file? You said : "i've used name to authenticate instead of username" --> Can You upload the project or necessary configs and files? Where You save copy of vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesAndRegistersUsers.php file? – toha May 26 '16 at 03:31
2

You should write Password's p character in small letter.

Replace,

Auth::attempt(['Name' => $name, 'Password' => $password])

to

Auth::attempt(['Name' => $name, 'password' => $password]) // 'p' is in small letter here.

check this link also.

Community
  • 1
  • 1
Ravi Hirani
  • 6,511
  • 1
  • 27
  • 42
1

As you're using name instead of email (default) as username to authenticate with. You should add $username property inside your AuthController.

....

class AuthController extends Controller
{


use AuthenticatesAndRegistersUsers, ThrottlesLogins;

/**
 * Override the input name 'email'
 * Change it as the name on blade
 *
 * @var string $username
 */
protected $username = 'Name';

....
}

Alternatively, you can override loginUsername() method from Illuminate\Foundation\Auth\AuthenticatesUsers trait.

....

class AuthController extends Controller
{


use AuthenticatesAndRegistersUsers, ThrottlesLogins;

/**
 * Get the login username to be used by the controller.
 *
 * @return string
 */
public function loginUsername()
{
    return 'Name';
}

....
}

Like others said, case matters. You then need to override getAuthPassword() method from Illuminate\Auth\Authenticatable trait on your User model

....

class User extends Authenticatable
{

....

    /**
     * Get the password for the user.
     *
     * @return string
     */
    public function getAuthPassword()
    {
        return $this->Password;
    }
}
Chay22
  • 2,834
  • 2
  • 17
  • 25
  • They aren't using the AuthController and if they are they are bypassing all of that as the `attempt` method in their code is hand written. – lagbox May 25 '16 at 21:42
0

Everything appears to be correct.

What are the column names in the users table?

Names are case-sensitive. So make sure that they are indeed Name and Password and not name and password.

linuxartisan
  • 2,396
  • 3
  • 21
  • 40
  • In `public function authenticate(Request $request)` try changing `$password=$input['password'];` to `$password=bcrypt($input['password']);` – linuxartisan May 18 '16 at 05:29
0

Why don't you use the command php artisan make:auth? It will make everything you need.

Christian Giupponi
  • 7,408
  • 11
  • 68
  • 113
Mohamed Elbiheiry
  • 347
  • 2
  • 9
  • 25
0
Route::group(['middleware' => ['web']], function () {
    Route::post('/logintest', 'mycontroller@authenticate'); 
});

  1. please check with the above change in your Routes.php, provided you are using version 5 or 5.2

  2. Make sure your users table field names are "Name" and "Password" else update it.

  3. Check the field length of your Password field (in your database, users table). It should hold a lengthy, hashed password something like this $2y$10$eM.kmjTwEIykhNUqMsNzMud0E6eO6RUYAzTqirrbozY1zdhVwQmsC atleast, (varchar(60))

It would be better if you could show us the users table schema

  1. Finally, make sure you are entering the correct password (as I can't see much mistakes in your code)
VipindasKS
  • 516
  • 7
  • 15
0

If you want to use Name as unique username and password fiendname as Password

You can do this way..

In your AuthController add this method

public function loginUsername()
{
    return 'Name';
}

And in your User model add this method

public function getAuthPassword()
{
    return $this->Password; 
}

Hope this will work.

Parvez Rahaman
  • 4,269
  • 3
  • 22
  • 39
0

Try to switching to lowercase indexes in this line:

//...
if (Auth::attempt(['Name' => $name, 'Password' => $password]) ) {
//...

To

//...
if (Auth::attempt(['name' => $name, 'password' => $password]) ) {
//...
CarlosCarucce
  • 3,420
  • 1
  • 28
  • 51