I want to change the default auth fields name in Laravel 5.6, it looks like to work for the username but not for the password.
I looked this questions How to change / Custom password field name for Laravel 4 and Laravel 5 user authentication and the Sample data to test works but not in my login form.
username is useUsername
password is usePassword
On my login form, I tested to kind of data
When I try to log with a user with the password hash in db, I get These credentials do not match our records.
When I log with a user without password hash in db, I get an issue Undefined index: password in the vendor/laravel/framework/src/Illuminate/Auth/EloquentUserProvider.php-> validateCredentials(UserContract $user, array $credentials)
what I changed in the loginController.php
protected function validateLogin(Request $request)
{
$this->validate($request, [
$this->username() => 'required',
'usePassword' => 'required',
]);
}
public function username()
{
return 'useUsername';
}
protected function credentials(Request $request)
{
return $request->only($this->username(), 'usePassword');
}
In Users.php
protected $table = 't_user';
public function getAuthPassword()
{
return $this->usePassword;
}
I hope you could help me to solve this issue, I don't really understand why I get these different error with hash or not hash and how I could solve it.
MYT.
I thing you can use a Hashing Password by Using Bcrypt in Laravel.
like
$password = Hash::make('yourpassword');
Basically, you'll do it when creating/registering a new user
then hash password will be store into database.
when you log in then you can remember your password otherwise it will give you error ...
if you forgot your hash password then you can bcrypt password by using this one
$password = bcrypt('admin');
I hope this will help you...
for more information of Hashing you can visit
Hashing in laravel
I solved my problem by doing a custom AuthController. It was easiest for what I wanted to do.
Related
Is there a way I can create the user with the hashed password, not plain password?
public function post(StoreUserRequest $request) {
User::create($request->validated());
return redirect()->route('frontend.login')->with('message', 'Your account has been created!');
}
See the hashing docs here https://laravel.com/docs/5.8/hashing
You may hash a password by calling the make method on the Hash facade
public function post(StoreUserRequest $request)
{
$userData = $request->validated();
$userData['password'] = Hash::make($request->input['password']);
User::create($userData);
return redirect()->route('frontend.login')->with('message', 'Your account has been created!');
}
What are you using to Hash your password? But also you can, because a hash in just a string. Your field password in DB, probably is a string too. You can use Laravel Auth too. This provide a full authentication system with one line on terminal
php artisan make:auth
Spent last 30 minutes reading all posts on stackoverflow about this. Can't find solution.
This is my code:
public function PostLogIn(Request $request)
{
if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
return redirect()->route('dashboard');
}
$status = 'Incorrect details';
return view('login')->with('status',$status);
}
Before you ask, i'm saving user password in hash on registration and password column can accept all 60 characters. I'm using standard user model with default names for email and password fields.
Read somewhere that i should add this to user model:
public function getAuthPassword() {
return $this->UserEmail;
}
Tried also don't work. From is sending data properly but my auth still fails for some reason.
(I created post 1.5 hours ago, wanted to edit but deleted by accident, sorry for the guy who replied :) )
I can comment yet, but if this doesn't help you I'll remove it.
Make sure $request->email brings anything (the email), dd($request->email);
Same for $request->password
Check if $request->password produces same hash that the one in DB:
if (Hash::check($request->password, $hashInDB)) {
// The passwords match...
}
Finally (actualy this should be done first :P) check if the email on $request->email is the same as the one you have stored in DB
PS: not sure about getAuthPassword in the model, you should try to do the attempt without it
I am using in-built Registration and Login code in Laravel 5.1
What I am doing ?
I did the registration and credentials are being saved successfully.
What's the problem ?
When I try to do the login, it says "These credentials do not match our records."
In postLogin Method , I saw the code : $credentials = $this->getCredentials($request); and when I printed values in $credentials and found that the Password value is plain text.
May be that's the reason the below line when executes always says User not found
if (Auth::attempt($credentials, $request->has('remember'))) {
Please suggest me the path
You should use bcrypt to encrypt the user password.
$user = new App\User;
$user->email = 'test#test.com';
$user->password = bcrypt('plain-text-password');
$user->save();
The Hash::check method allows you to verify that a given plain-text
string corresponds to a given hash.
if (Hash::check('plain-text-password', $hashedPassword)) {
// The passwords match...
}
I made many changes in the Framework. Those changes were like adding new columns in the User Table and code changes. Also changed from password to Password. Then I realized that at Authenticatable class under getAuthPassword function, it had to be Password and not password
I'm just starting out with Laravel 5, I come from Laravel 4 environment so it shouldn't be too hard.
I heard L5 comes with a built-in authentication system which is neat.
I've set everything up from database to views.
The registration process is working correctly and after that it logs me in automatically. but when I log out and try to log back in, I get this error:
These credentials do not match our records.
I'm not sure what's wrong. do I have to write the login controller manually or how does it work in L5?
I had the same issue. The reason for mine was that
I defined setPasswordAttribute in my User model so every time, I enter plain password, it hashes before sending to DB.
public function setPasswordAttribute($password)
{
$this->attributes['password'] = \Hash::make($password);
}
and in my db:seed, I was creating a user with hashed password with Hash::make("password"), too. So laravel hashes hashed password :)
In laravel version 5.* you don't need to hash input password for Auth, because Auth manages it itself. you just have to pass {{csrf_field()}} through form.
In addition to #mervasdayi solution, a good way to hash passwords in setPasswordAttribute avoiding rehashing problems could be this:
public function setPasswordAttribute($password){
$this->attributes['password'] = Hash::needsRehash($password) ? Hash::make($password) : $password;
}
Further to what #mervasdayi & Gerard Reches have suggested. Just thought I'd make a note that you will need to include
use Illuminate\Support\Facades\Hash;
at the top of your User model when adding in these fixes.
I think that it is later but i found two solutions to solve this problem.
Firstly you can use bcrypt function if you use laravel 5.3. Look at the below function. It means that your get your data in array.
public function create(array $data)
{
return User::create([
'password' => bcrypt($data['password']),
]);
}
Secondly you can use mutator to fix it like this:
public function setPasswordAttribute($password)
{
$this->attributes['password'] = \Hash::make($password);
}
Hope that it can help others. Best regards
In my case, I attempt too many times with the wrong password, and then I am unable to login with the user for some hour, and at the same time, I am able to log in with other users.
I dont want to update the password fields.how to use this.Im using md5 encode for password.So i dont want to update the password field in yii framework.any help appreciated??
I think a better approach would be to not use the scenario in this case. The next code in the rules just says to the scenario: the next fields are required. But not: skip the other else.
array('name, username, email', 'required', 'on' => 'update'),
For example, if we limit the length of the password up to 32 characters, but in a database is stored in a format sha1 (length 40), then we have a problem because the validator will block the database query.This is because when you make updating, the "validatŠµ" method checks all class properties (regards database table mapping), not just the new ones delivered by post.
Could use the method "saveAttributes", but then I noticed another problem. If the column "email" is unique in the database and in case edited email duplicate one of the existing, then the Yii message system defined in the rules can not notify and throws error code regards database query.
The easiest approach I think is: don't set scenario in this case. Just send as an argument the properties you want. This will keep the all CRUD features created by GII.
In your code it looks like this:
(in model)
public function rules() {
return array(
array('name, username, email, password', 'required'),
);
}
(in controller)
if($id==Yii::app()->user->id){
$model=$this->loadModel($id);
if(isset($_POST['JbJsJobResume'])) {
$model->attributes=$_POST['JbJsJobResume'];
if($model->save(true, array('name', 'username', 'email')))
$this->redirect(array('view','id'=>$model->id));
}
$this->render('update',array( 'model'=>$model, ));
}
I noticed that you do not use RBAC. It is very convenient and flexible - try it.
http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control
In your model you must do something like this:
public function rules() {
return array(
array('name, username, email, password', 'required', 'on' => 'create'),
array('name, username, email', 'required', 'on' => 'update'),
);
}
Lets say that the scenario that you run now is the update. So I don't require the password there. I require it only in the create scenario that you may have. So in the view file that you have you remove the password field and inside the action that you have you include this:
$model->setScenario('update');
so it will not require the password and it will remain the same.
For the password change you can create a new action (ex. actionPassChange) where you will require to type twice the new password.
$model->attributes=$_POST['JbJsJobResume'];
instead of assign all attributes just assign those only you want to save,
as
$model->name=$_POST['JbJsJobResume']['name'];
$model->save();
1st option Just unset password field before setting it:
function update(){
$model=$this->loadModel($id);
unset($_POST['JbJsJobResume']['password']);
$model->attributes=$_POST['JbJsJobResume'];
$model->save();
}
2nd option: Use temp variable:
function update(){
$model=$this->loadModel($id);
$temPassword = $model->passwrod;
$model->attributes=$_POST['JbJsJobResume'];
$model->passwrod = $temPassword;
$model->save();
}
3rd option: use scenarios
I am not sure why this is a problem, and some code could help us to understand why. If you do not wish to capture / update the password, then why is the password field in the form?
If you remove the password field from the view, the value of the password field will not be posted back to controller and then it will not be updated.
There is a possibility that the above method does not work and this could be that in your User model, you are encrypting the password in the afterValidate method?:
protected function afterValidate()
{
parent::afterValidate();
$this->password = $this->encrypt($this->password);
}
public function encrypt($value)
{
return md5($value);
}
In this scenario, if you remove the password field from the view, and just update the name, username or email, then the md5 hash of the password will be re-hashed automatically and you will lose the real password.
One method to get around this is to md5 the password in the afterValidate method (create or update) however if the user wishes to change profile details, in the same form, ask the user to verify their password again.
FORM: user changes name and verifies password
Form posted
Controller calls authenticate method.
If authenticate true, overwrite the entry in user table (including verified pw)
I think #Gravy's answer is right,Thanks Gravy and Nikos Tsirakis. I have fixed nearly same issue as #faizphp. I add scenario for User model as Nikos Tsirakis said, but got same issue also. Then I found I encrypt password in User.afterValidate, so when update the User model everytime, the program encrypt the password in database again to wrong password. So i changed my function from
protected function afterValidate()
{
parent::afterValidate();
if (!$this->hasErrors())
$this->password = $this->hashPassword($this->password);
}
</code>
to
protected function afterValidate()
{
parent::afterValidate();
if (!$this->hasErrors() && $this->scenario==="create")
$this->password = $this->hashPassword($this->password);
}
.
It seems work.