Hi I'm trying to work with encryption of emails in user table and change auth process's "email" with encryption but not working for me keep returning my email does not match records.
My RegisterController is:
User::create([
'name' => $data['name'],
'email' => sha1(sha1($data['email'])),
'password' => Hash::make($data['password']),
'referred_by' => $referred_by
]);
And I'm trying to do manual auth with laravel as of here: https://laravel.com/docs/6.x/authentication#authenticating-users
my LoginController:
public function authenticate(Request $request)
{
$credentials = $request->only(sha1(sha1('email')), 'password');
if (Auth::attempt($credentials)) {
// Authentication passed...
return redirect()->intended('dashboard');
}
}
Note: I know sha1 is not good but i think double of sha1 for emails will be pretty hard to crack tho.
also i can't exactly find where auth is taking place (because i started learning laravel like 3 weeks ago) where i can switch user input of email field into sha1 x2 so then it can compare with users table emails.
Thanks
Found the answer here: https://laracasts.com/discuss/channels/laravel/encrypt-email-field-in-users-table
Changing function login of AuthenticatesUsers by:
public function login(Request $request)
{
if (Auth::attempt(['email' => sha1(sha1($request->email)), 'password' => $request->password])) {
return redirect()->intended();
} else {
return $this->sendFailedLoginResponse($request);
}
}
thanks to saaz.
Related
I am using laravel 6 and authenticating my users by Auth class. following code returns false always. what is problem guys ?
public function doLogin(Request $request){
$authenticate = Auth::attempt([
'email' => $request->input('email'),
'password' => $request->input('password'),
]);
if ($authenticate) {
return redirect('/');
}
}
You need to hash your password - by looking at your comment "password" => "123" - password is stored as plain text.
You can set up mutator in your User model to handle hashing automatically like so:
public function setPasswordAttribute(string $password): void
{
$this->attributes['password'] = Hash::make($password);
}
Make sure you import Illuminate\Support\Facades\Hash;
You can then add new user or update existing via tinker - this should convert plain text password to hash and your authentication should be validating.
I have to use an old user database for our new Laravel 5.6 website. There is now way I can ask all the users to remake passwords. The old site was joomla 3.7.5 and after a bit of playing around I found that, check password on login Joomla 3.7.5 used...
$result = password_verify($PlanTextLoginForm, $PasswordForDB);
and to make a new user's password...
$PasswordForDB = password_hash($PlanTextLoginForm, PASSWORD_BCRYPT);
I have found about 6 places in Laravel to change...
Hash::make($data['password'])
to
password_hash($data['password'], PASSWORD_BCRYPT);
I just can't find the login challenge?
nothing in the LoginController.
So the real question is where is the login-> function found for Auth::routes(); ?
Laravel basic authentication function
public function postLogin()
{
$rules = array(
'email' => 'required|email',
'password' => 'required|alphaNum|min:6');
$validator = Validator::make(Input::all(), $rules);
if ($validator->fails())
{
return Redirect::to('login')
->withErrors($validator)
->withInput(Input::except('password'));
}
else
{
$userdata = array(
'email' => Input::get('email'),
'password' => Input::get('password')
);
if (Auth::attempt($userdata))
{
return Redirect::to('dashboard');
}
else
{
return Redirect::to('login');
}
}
}
I have solved the problem. As posted above...
You shouldn't even need to change anything, Laravel uses bcrypt too. – Devon
Jwt-auth package changes the password encryption of the passwords.
I am trying to set up authentication system on Laravel from scratch but I can not make the user to log in after the user its registered.
My RegisterController to store the user:
public function store()
{
$this->validate(request(),[
'name'=>'required',
'email'=>'required',
'password'=>'required'
]);
$user = User::create(request(['name', 'email','password']));
auth()->login($user);
return redirect()->home();
}
Now everything works great but when i go to login form I cant log in. Here is my SessionsController that deals with login:
public function store()
{
if(!auth()->attempt(request(['email','password'])))
return back();
}
return redirect()->home();
}
What I am doing wrong here that I can not log in the user?!
In this case I see that when you register a user you are saving their password as a PLAIN TEXT on database, which is VERY WRONG.
Now the issue happens when attempt() is trying to login the user, it is getting the email and password will bcrypt the password to compare with a hashed one on database(your case u are saving as a plain text).
When you create the user bcrypt() the password like so:
public function store()
{
$this->validate(request(),[
'name'=>'required',
'email'=>'required',
'password'=>'required'
]);
$user = User::create([
'name' => request('name'),
'email' => request('email'),
'password' => bcrypt(request('password'))
]);
auth()->login($user);
return redirect()->home();
}
My auth function is always returning false in my UserController function, here is my controller function.
public function postSignin(Request $request)
{
$userdata = array(
'email' => $request->input('email'),
'password' => $request->input('password')
);
if (Auth::attempt($userdata))
{
return redirect()->route('user.profile');
}
else
{
return redirect()->back();
}
}
and here is my route code
Route::post('/signin', [
'uses' => 'UserController#postSignin' , 'as' => 'user.signin'
]);
When I enter the credentials, the if part of auth is not working and I am redirected to my page as instructed by the else condition...
You may be saving your users passwords as plain text into the database, because when using the Auth::attempt() function laravel automatically hashes the password to compare. Make sure when inserting you properly hash the password with the bcrypt() helper function. The only other possibility I can think of is if your sure your putting in the right password or username?
Example of bcrypt when creating a new user:
User::create([
"username" => $username,
"password" => bcrypt($password);
]);
Hope this helps!
I recently started learning Laravel (PHP MVC framework) and I've been having a lot of issues with Authenticating a user with: Auth::attempt($credentials).
I'll put my code snippets below. In my mySQL database I have a record with the following key=>values:
id=>1, username=>'admin', password=>'admin', created_at=>0000-00-00 00:00:00, updated_at=>0000-00-00 00:00:00
The Validator passes, but the Auth:attempt always fails.
If the code below and my little explanation isn't enough, please let me know! :-)
Routes.php:
Route::get('login', 'AuthController#showLogin');
Route::post('login', 'AuthController#postLogin');
AuthController:
public function showLogin(){
if(Auth::check()){
//Redirect to their home page
}
//Not logged in
return View::make('auth/login');
}
public function postLogin(){
$userData = array(
'username' => Input::get('username'),
'password' => Input::get('password')
);
$reqs = array(
'username' => 'Required',
'password' => 'Required'
);
$validator = Validator::make($userData, $reqs);
if($validator->passes() && Auth::attempt($userData)){
return Redirect::to('home');
}
return Redirect::to('login')->withInput(Input::except('password'));
}
I believe the attempt() method will hash the password that is sent in. Seeing as your DB entry's password is 'admin' in plaintext, that would fail. Save your password with Hash::make($password); and i believe your problem should be solved.