I use a SQLite database instead of MySQL for authentication on my Laravel app. The registration works perfectly, but the login does not work correctly.
I get the following error:
These credentials do not match our records.
Please, help me to solve it!
When you register a new user, the password about to be stored must be encrypted with the bcrypt() helper, such as bcrypt($request->password).
Otherwise the credentials will not match during login time.
Also, if you did not use the users migration packed with Laravel, the password field must be a minimum of 64 characters in length.
Add this code in your User model
/**
 * Hash password by bcrypt before save in database.
 *
 * @param string $password
 */
public function setPasswordAttribute($password)
{
    if (isset($password)) {
        $this->attributes['password'] = bcrypt($password);
    }
}
Everything is working, but you have to ensure that your SQLite DB is not open somewhere else. If it is open in DB Browser or any other such tool, just close it and try again later; it will work fine.
Related
I am using in-built Registration and Login code in Laravel 5.1
What am I doing?
I did the registration and credentials are being saved successfully.
What's the problem?
When I try to do the login, it says "These credentials do not match our records."
In the postLogin method, I saw the code: $credentials = $this->getCredentials($request); and when I printed the values in $credentials, I found that the Password value is plain text.
Maybe that's the reason the line below, when executed, always says User not found
if (Auth::attempt($credentials, $request->has('remember'))) {
Please suggest me the path
You should use bcrypt to encrypt the user password.
$user = new App\User;
$user->email = 'test@test.com';
$user->password = bcrypt('plain-text-password');
$user->save();
The Hash::check method allows you to verify that a given plain-text
string corresponds to a given hash.
if (Hash::check('plain-text-password', $hashedPassword)) {
    // The passwords match...
}
I made many changes in the Framework. Those changes were like adding new columns in the User Table and code changes. Also changed from password to Password. Then I realized that at Authenticatable class under getAuthPassword function, it had to be Password and not password
Auth::attempt(['u_email'=>$credentials['email'],'u_password'=>sha1($credentials['password'])])
I'm using this code for authentication, but I'm getting an "Undefined index: password" error. Can anyone help me create a custom authentication control without changing the vendor library?
Thank you in advance for helping me...
There are 3 things you need to do.
1. Pass plain-text password to Auth::attempt() as Laravel will hash that itself before verifying it against the hash stored in the database.
Auth::attempt(['u_email'=>$credentials['email'],'password' => $credentials['password']]);
2. Pass password as password, not u_password to Auth::attempt(). The key doesn't need to match the password column name (why? see point 3.), but it must be equal to password - see point 1 for example.
3. Implement getAuthPassword() method in your user model, that will return value of u_password column. This method is used by user provider to fetch the password hash that is later verified against what was passed to Auth::attempt()
//in your User.php
public function getAuthPassword() {
    return $this->u_password;
}
I'm just starting out with Laravel 5, I come from Laravel 4 environment so it shouldn't be too hard.
I heard L5 comes with a built-in authentication system which is neat.
I've set everything up from database to views.
The registration process is working correctly and after that it logs me in automatically. But when I log out and try to log back in, I get this error:
These credentials do not match our records.
I'm not sure what's wrong. Do I have to write the login controller manually or how does it work in L5?
I had the same issue. The reason for mine was that
I defined setPasswordAttribute in my User model, so every time I enter a plain password, it is hashed before being sent to the DB.
public function setPasswordAttribute($password)
{
    $this->attributes['password'] = \Hash::make($password);
}
and in my db:seed, I was creating a user with a hashed password with Hash::make("password"), too. So Laravel hashes the hashed password :)
In Laravel version 5.*, you don't need to hash the input password for Auth, because Auth manages it itself. You just have to pass {{csrf_field()}} through the form.
In addition to @mervasdayi's solution, a good way to hash passwords in setPasswordAttribute while avoiding rehashing problems could be this:
public function setPasswordAttribute($password){
    $this->attributes['password'] = Hash::needsRehash($password) ? Hash::make($password) : $password;
}
Further to what @mervasdayi & Gerard Reches have suggested, just thought I'd make a note that you will need to include
use Illuminate\Support\Facades\Hash;
at the top of your User model when adding in these fixes.
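The double-hashing failure and the "hash only once" guard discussed in the answers above, reproduced in plain PHP as an added example (not code from any of the posters). It assumes PHP's password_hash() and password_verify() as stand-ins for Hash::make() and Hash::check(); the function names setPasswordAlways and setPasswordOnce are hypothetical.

```php
<?php
// Added example. password_hash()/password_verify() stand in for Laravel's
// Hash::make()/Hash::check(); all function names below are hypothetical.

/** Naive mutator: always hashes, like the setPasswordAttribute() variants above. */
function setPasswordAlways(string $value): string
{
    return password_hash($value, PASSWORD_BCRYPT);
}

/** Guarded mutator: hashes only values that do not already parse as a password hash. */
function setPasswordOnce(string $value): string
{
    $alreadyHashed = password_get_info($value)['algoName'] !== 'unknown';
    // Anything that parses as a hash is stored verbatim, so keep this guard
    // for setters that can legitimately receive hashes (seeders, imports).
    return $alreadyHashed ? $value : password_hash($value, PASSWORD_BCRYPT);
}

$plain = 'correct horse battery staple'; // constructed sample password

// A seeder or controller hashes first, then the model mutator runs on save.
$preHashed    = password_hash($plain, PASSWORD_BCRYPT);
$doubleHashed = setPasswordAlways($preHashed); // hash of a hash
$hashedOnce   = setPasswordOnce($preHashed);   // left untouched by the guard

// Login always verifies the plain-text input against the stored value.
$cases = [
    'pre-hashed input, naive mutator'   => $doubleHashed,
    'pre-hashed input, guarded mutator' => $hashedOnce,
    'plain input, guarded mutator'      => setPasswordOnce($plain),
];
foreach ($cases as $label => $stored) {
    printf("%-36s login ok: %s\n", $label, var_export(password_verify($plain, $stored), true));
}
```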
I think this is late, but I found two solutions to solve this problem.
Firstly, you can use the bcrypt function if you use Laravel 5.3. Look at the function below. It means that you get your data in an array.
public function create(array $data)
{
    return User::create([
        'password' => bcrypt($data['password']),
    ]);
}
Secondly, you can use a mutator to fix it like this:
public function setPasswordAttribute($password)
{
    $this->attributes['password'] = \Hash::make($password);
}
Hope that it can help others. Best regards
In my case, I attempt too many times with the wrong password, and then I am unable to login with the user for some hour, and at the same time, I am able to log in with other users.
This is going to sound very weird but kindly bear with me. I have built a symfony2 application which runs pretty well on the web.
Some users in the field are having so much trouble accessing the application on their phones in the field because we all know how heavy symfony is. The situation is so bad I'm forced to heavily scale down their access to just a four page access with just three php files, 1 for authentication, one for data entry and one for viewing their entries, all these without using symfony2 but plain php.
Now to my question, how do I check password against database password/salt?
I'm using FOSUserBundle for security
Are you sure you're using FOSUserBundle for security? I think you'll find you're using the core SecurityBundle for that. The way the user's password is stored will depend on how you have configured the security system.
The MessageDigestPasswordEncoder is what is used to encode the passwords. From looking at that code you can replicate it as needed. The gist of it is to merge the password and salt ($password.'{'.$salt.'}') and then run it through PHP's hash function hash($this->algorithm, $salted, true) for however many iterations are needed.
Although, not specifically related to the question you asked, I'm a little confused as to what you mean by having to scale back the PHP for mobile users? Server page generation will take just as long for mobile as desktop users so why are you reimplementing outside of the symfony framework?
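A stand-alone version of the merge-and-iterate scheme described in this answer, as an added example (not code from the answer or from Symfony). The function names are hypothetical, and the sha512 / 5000 iterations / base64 settings and the per-round input ($digest . $salted) are assumptions that must be checked against the application's encoder configuration and installed Symfony version.

```php
<?php
// Added example; encodeMessageDigest() and isPasswordValid() are hypothetical names.
// ASSUMPTIONS: sha512, 5000 iterations, base64 output, and each stretching round
// hashing the previous digest plus the salted password. Verify these against the
// application's security configuration before relying on them.

function encodeMessageDigest(string $raw, string $salt, string $algorithm = 'sha512',
                             int $iterations = 5000, bool $base64 = true): string
{
    if ($salt !== '' && strpbrk($salt, '{}') !== false) {
        throw new InvalidArgumentException('Salt must not contain "{" or "}".');
    }
    // Merge step from the answer: password{salt}; an empty salt leaves the password as is.
    $salted = $salt === '' ? $raw : $raw . '{' . $salt . '}';

    $digest = hash($algorithm, $salted, true);
    for ($i = 1; $i < $iterations; $i++) {
        $digest = hash($algorithm, $digest . $salted, true);
    }
    return $base64 ? base64_encode($digest) : bin2hex($digest);
}

function isPasswordValid(string $storedHash, string $raw, string $salt): bool
{
    // hash_equals() compares in constant time, unlike == or !=.
    return hash_equals($storedHash, encodeMessageDigest($raw, $salt));
}

// Constructed sample values standing in for a user's password and salt columns.
$salt   = 'k3q9x7c1m5constructedsalt';
$stored = encodeMessageDigest('s3cret-sample', $salt);

printf("correct password accepted: %s\n",
    var_export(isPasswordValid($stored, 's3cret-sample', $salt), true));
printf("wrong password accepted:   %s\n",
    var_export(isPasswordValid($stored, 'guess', $salt), true));
```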
You can use the user manager to check user credentials validity. I've created the following function for such a mission.
/**
 * authorize user by username and password
 *
 * @param string $username
 * @param string $raw_password
 */
// Needs: use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
public function authUserByUsernamePassword($username, $raw_password) {
    $userManager = $this->container->get('fos_user.user_manager');
    $user = $userManager->findUserByUsername($username);
    // username not found
    if (!$user) {
        throw new \Exception("User with username: $username not found!", 0);
    }
    $encoder_service = $this->container->get('security.encoder_factory');
    $encoder = $encoder_service->getEncoder($user);
    // isPasswordValid() encodes the raw password and compares the hashes in constant time
    if (!$encoder->isPasswordValid($user->getPassword(), $raw_password, $user->getSalt())) {
        throw new \Exception("wrong password!", 0);
    }
    // Get UsernamePasswordToken
    $token = new UsernamePasswordToken($user, $user->getPassword(), 'main', $user->getRoles());
    // Set token
    $this->authUserByToken($token);
    return $this->getUserToken($user);
}
I'm using Cake 2.1.1 and trying to write an ajax function to reset a user's password to a specific format. I have been able to change the password, but unable to make it so that the new password actually works to log the user in.
I have this function in my Users controller:
function ajax_reset_password(){
    $this->autoRender=false;
    $user = $this->User->find('first',array(
        'conditions'=>array('User.email'=>$_GET['email'])
    ));
    $this->User->id = $user['User']['id'];
    $pass = $_GET['name'].'2014';
    $passHashed= $this->Auth->password($pass);
    $this->User->set('password', $pass);
    $this->User->set('updated_at',date("Y-m-d H:i:s"));
    $this->User->save();
    //... code to email user new password
}
And this is my Users Controller beforeSave:
public function beforeSave(){
    if (isset($this->data['User']['password'])) {
        $this->data['User']['password'] = AuthComponent::password($this->data['User']['password']);
    }
    return true;
}
If I run this function and check my database, I can see that the value of password has changed literally to "name2014", but I cannot login with that password.
If I set the password to $passHashed and check my database, I see that the value of password has changed to a hashed value, but again, I cannot use the new password to login.
There is also a 'salt' field in my Users table that never changes.
I am guessing that the issue is that the salt needs to update with the password hash in order to properly decrypt it, but I'm unsure of how to update the salt. Can I get it in my controller and set the value directly, or is this handled some other way with the AuthComponent?
Other posts about this topic seem to work fine with the code I have been using, but I also haven't found any that try to set the password value directly.
Use what you have in the beforeSave(). (Don't try the route of hashing in the Controller).
If it's not hashing, just do some standard debugging and find out why it's not getting into that part of the code:
debug($this->data);
exit;
if (isset($this->data['User']['password'])) {
    // IT'S NOT GETTING HERE
    //...
}
This is one of those where the "answer" is just a nudge toward debugging your code, since it's clear where you can find out exactly what's going on and why by just seeing what's in the data and when.