I am using laravel 6 and authenticating my users by Auth class. following code returns false always. what is problem guys ?
public function doLogin(Request $request){
$authenticate = Auth::attempt([
'email' => $request->input('email'),
'password' => $request->input('password'),
]);
if ($authenticate) {
return redirect('/');
}
}
You need to hash your password - by looking at your comment "password" => "123" - password is stored as plain text.
You can set up mutator in your User model to handle hashing automatically like so:
public function setPasswordAttribute(string $password): void
{
$this->attributes['password'] = Hash::make($password);
}
Make sure you import Illuminate\Support\Facades\Hash;
You can then add new user or update existing via tinker - this should convert plain text password to hash and your authentication should be validating.
Related
Hi I'm trying to work with encryption of emails in user table and change auth process's "email" with encryption but not working for me keep returning my email does not match records.
My RegisterController is:
User::create([
'name' => $data['name'],
'email' => sha1(sha1($data['email'])),
'password' => Hash::make($data['password']),
'referred_by' => $referred_by
]);
And I'm trying to do manual auth with laravel as of here: https://laravel.com/docs/6.x/authentication#authenticating-users
my LoginController:
public function authenticate(Request $request)
{
$credentials = $request->only(sha1(sha1('email')), 'password');
if (Auth::attempt($credentials)) {
// Authentication passed...
return redirect()->intended('dashboard');
}
}
Note: I know sha1 is not good but i think double of sha1 for emails will be pretty hard to crack tho.
also i can't exactly find where auth is taking place (because i started learning laravel like 3 weeks ago) where i can switch user input of email field into sha1 x2 so then it can compare with users table emails.
Thanks
Found the answer here: https://laracasts.com/discuss/channels/laravel/encrypt-email-field-in-users-table
Changing function login of AuthenticatesUsers by:
public function login(Request $request)
{
if (Auth::attempt(['email' => sha1(sha1($request->email)), 'password' => $request->password])) {
return redirect()->intended();
} else {
return $this->sendFailedLoginResponse($request);
}
}
thanks to saaz.
I am using Crypt:: for registration and login. My registration is successful but login is not successful. Please check the code and help me.
public function Login(Request $request)
{
$this->validate($request, [
'email' => 'required',
'password' => 'required',
]);
$userdata = array(
'email' => $request->email,
'password' => \Crypt::encrypt($request->password)
);
if (Auth::attempt($userdata) {
echo "success";die();
}
return "Ops! snap! seems like you provide an invalid login credentials";
}
Originial
You need to use Hashing, not Encryption.
Registration
...
$userdata = [
'email' => $request->email
'password' => Hash::make($request->password)
];
...
// User saved..
Login
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials) {
// It work
}
Ref :
https://laravel.com/docs/5.6/authentication
https://laravel.com/docs/5.6/hashing
Update
OP : I need to Crypt::decrypt to decode the password and send on email. Using hash i couldn't decode it. Thats the reason i need Crypt.
I really don't recommend it. That's why we have the "forgot password" feature to create new password.
Is it secure to store passwords with 2 way encryption?
Okay, back to the topic, How to login with Crypt encryption?
You need to add login() method in Auth\LoginController :
/**
* Handle a login request to the application.
*
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*
* #throws \Illuminate\Validation\ValidationException
*/
public function login(Request $request)
{
$decrypted = $request->input('password');
$user = User::where('email', $request->input('email'))->first();
if ($user) {
if (Crypt::decryptString($user->password) == $decrypted) {
Auth::login($user);
return $this->sendLoginResponse($request);
}
}
return $this->sendFailedLoginResponse($request);
}
WARNING!
All of Laravel's encrypted values are signed using a message authentication code (MAC) so that their underlying value can not be modified once encrypted.
You must have the same key. If you change the key (artisan key:generate), it means you will not be able to login.
I really don't recommend it.
I have this problem before.
I used Crypt Encryption because I need to display the password from encrypted to decrypted in laravel blade input element.
I deeply look at laravel references in projects and found a solution.
In default laravel used HASH for encryption, since I used Crypt to Register and Login.
When I try to Login this returns false.
What I did is edited one laravel function located in
vendor\laravel\framework\src\Illuminate\Auth\EloquentServiceProvider.php
and change this function from these
public function validateCredentials(UserContract $user, array $credentials)
{
$plain = $credentials['password'];
return $this->hasher->check($plain, $user->getAuthPassword());
}
to these
public function validateCredentials(UserContract $user, array $credentials)
{
$plain = $credentials['password'];
return \Crypt::decrypt($user->getAuthPassword());
}
I want to check if a password is correct of a particular user in the database. I want to use Laravel validation for this purpose
.
Here is my current code
$validator = $request->validate([
'password' => ['required',Rule::exists('users')->where(function ($query) { $query->where('id',Auth::id()); })]
]);
I think this generates the query
select count(*) as aggregate from `users` where `password` = 123 and id = 1))
What's missing is that I want this password (123) to be hashed to get checked properly.
Currently, I get the validation error
The selected password is invalid
Even I am entering the correct password
In this case you should create your own Validation Rule following this instructions
php artisan make:rule ValidatePassword
In the generated file, add the constructor method for receive the user you want to validate password against
public function __construct(User $user)
{
$this->user = $user;
}
You should write the logic for checking the password inside the passes method
public function passes($attribute, $value)
{
return Hash::check($value, $this->user->password);
}
Then, you can use it like
$validator = $request->validate([
'password' => ['required', new ValidatePassword(auth()->user())]
]);
Make sure to import User, ValidatePassword and Hash, I skipped that for brevity.
I'm trying to implement authentication functionally in laravel
This is my post login function
public function postLogin(Request $request){
if (Auth::attempt(['email' => $request->get('email'), 'password' => $request->get('password')])){
return redirect()->route('index');}
else{
return 'not entered ';
}
}
However, I receive not entered each time.
My passwords stored as plain-text in database (Not hashed).
Do you know that , when you're using Auth::attempt() , and passing password init , laravel will hash the password for you .. for example you have a 123456 password in your table . then you're trying to login with Auth::attempt() .. your input password will be changed into "kjdfklsjgkjfglkjdgkjdfg" this .. Now you realize ? why you method is returning 'not entered ' instead of redirecting to admin route
Try to write a seed where you have to use Hash facade Hash::make($password) or global function bcrypt($password) , the you'll get a hashed passoword in your database . after that you'll be able to use Auth::attempt() with a success
and it's better to use $request->input() , you know it looks good! :)
try using $request->input() instead of $request->get()
public function postLogin(Request $request){
if (Auth::attempt(['email' => $request->input('email'), 'password' => $request->input('password')])){
return redirect()->route('admin');
}else{
return 'not entered ';
}
}
happy coding!
My auth function is always returning false in my UserController function, here is my controller function.
public function postSignin(Request $request)
{
$userdata = array(
'email' => $request->input('email'),
'password' => $request->input('password')
);
if (Auth::attempt($userdata))
{
return redirect()->route('user.profile');
}
else
{
return redirect()->back();
}
}
and here is my route code
Route::post('/signin', [
'uses' => 'UserController#postSignin' , 'as' => 'user.signin'
]);
When I enter the credentials, the if part of auth is not working and I am redirected to my page as instructed by the else condition...
You may be saving your users passwords as plain text into the database, because when using the Auth::attempt() function laravel automatically hashes the password to compare. Make sure when inserting you properly hash the password with the bcrypt() helper function. The only other possibility I can think of is if your sure your putting in the right password or username?
Example of bcrypt when creating a new user:
User::create([
"username" => $username,
"password" => bcrypt($password);
]);
Hope this helps!