I want to get user data
I tried using
$user_data = App\User::where(["username"=>"admin", "password"=>bcrypt("test123")])->get();
But it is not working! I am sure the username and password is correct!
then I tried another one without bcrypt
$user_data = App\User::where(["username"=>"admin", "password"=>"test123"])->get();
And still not working!.
I don't know what is the problem.
I wondering if I can use Auth::attempt just to get the user data (without log-in)
$user_data = Auth::attempt(["username"=>"admin", "password"=>"test123"]);
Auth::attempt will signing you in. But I don't want that. I just want to get the user data only (without sign-in)
I forgot to mention that I'm creating an API...
However, I solved the problem by using Auth::once()
Auth::once(['username'=>'admin', 'password'=>'test123']);
Related
I have a table in my database called (users_system) contains:
user_id
user_pass (plain text)
... some other fields
What I want is to be able to do laravel(5.2) authentication using those two fields considering the (Auth::attempt) only deal with email and hashed password.
So is that possible and if so how to do it?
You can check credentials and login user manually:
$userSystem = UserSystem::where('user_id', $userId)->where('user_pass', $password)->first();
if (!is_null($userSystem)) {
// Manually login user.
$user = User::find($userId);
Auth::login($user);
}
But this is a terrible idea to use plain text passwords. You should never do that in a real app.
Perhaps I'm just unsure on the documentation. I've tried to figure it out, but I've never used this Codeigniter library before (Aauth). I'm attempting to create a form / page that will allow a user to change their password. The form works fine, but it's not changing the users password in the database.
The documentation says this:
Please note that I am not sure what "FALSE" represents. I do not see a change password method in the documentation provided here.
update_user($user_id, $email = FALSE, $pass = FALSE, $name = FALSE)
Updates user by using user_id
I'm not seeing any errors.
I'm writing something like this:
// get user info for currently logged user (this part works)
$userdata = $this->aauth->get_user();
// Change Password (not currently changing the password for the user)
$this->aauth->update_user($userdata->id, $userdata->email, $_POST['formpassword']);
Whoops, didn't realize when it said "FALSE" it meant it was required.
The correct solution:
// I did not want to change email or name. Password only.
$this->aauth->update_user($userdata->id, FALSE, $_POST['formpassword'], FALSE);
I have just started learning Laravel and I was following the documentation. I got to know that Laravel uses emails.auth.reminder view to be sent as an email to the user with the reset token. In my emails.auth.reminder, I have put the following:
Hello Dear User,<br><br>
We have received a request from your account to reset your password at Larblog. Please use the following link to reset your password.<br><br>
{{ URL::to( 'user/resetpassword/' . Session::get('_token') ) }}<br><br>
If it wasn't you who tried to reset the password, simply ignore this email.<br><br>
Thanks,<br>
- Larblog
Notice that, I am using Session::get('_token') to access the token. Is it the right way that I am doing it? As it's always generating the same token.Z7vKMT5ssfzeXsQcVkrYodoRmYnbjH0prdP83jBk again and again. And when I use this to reset the password, it says: Invalid token received. Also, I have checked in the password_reminders table of my database and it's showing different token. When I use the token stored in the database, it works.
So, what's right way to access the token in the view that is sent via email?
I'm not certain what the method is to access a password reminder token directly, however normally when sending the email it's done via the Password::remind() function, rather than the usual email function. When using this the $token variable is automatically passed into the email view so that you can use it.
An example use of this function is:
Password::remind(Input::only('email'), function ($message)
{
$message->subject('Password Reset');
});
And then accessing it in the view is as simple as:
To reset your password, complete this form: {{ URL::to('reset', array($token)) }}
The _token in the session isn't the password reminder token - it's the CSRF token automatically inserted for security reasons.
Since I don't know what your tables and models look like, it's hard to say exactly how you should get the actual password reminder token, but it's likely something like this:
$user = User::find($someid); // first fetch your user
$token = $user->passwordReminder->token; // now get the token
If your tables and models differ from my assumption, feel free to update your question and I'll be happy to update my answer. :)
I have been implementing a Google/Facebook authentication system on my site. I use their respective service to authenticate the user, then use the results to instantiate sessions on my end. The Google one is running no problem, but for the Facebook one I have hit a snag.
I can authenticate users with no problem, but when trying to authenticate a company or other Facebook page type, it fails.
For instance, using the GraphAPI, I am able to retrieve the values shown in one of their examples https://graph.facebook.com/btaylor and store it properly.
But when I try to use the same system to authenticate a company ( https://graph.facebook.com/nike for instance), it fails since the objects are not part of the user results returned by the GraphAPI.
Normal stuff setting up the call:
$FBcookie = get_facebook_cookie(YOUR_APP_ID, YOUR_APP_SECRET);
$user = json_decode(file_get_contents_curl('https://graph.facebook.com/me?access_token='.$FBcookie['access_token']));
And when storing results, it works fine as a user:
$_Fname =$user->first_name;
$_Lname =$user->last_name;
But trying to access the expected attributes seen at the Nike example above, nothing gets returned.
I even tried echoing out the object to see whats there:
print('<pre>');
print_r($user);
print('</pre>');
For the user, I see everything, for non-user (company, event or other page type), I see nothing.
Question is, has anyone seen what other objects we may need to query via the GraphAPI? The Facebook developer pages are all over the place and have no real concise tutorials on this.
Any help would be much appreciated ;)
Company/Page info on facebook is as follows:
$user->id;
$user->name;
$user->picture;
$user->link;
$user->likes;
$user->category;
$user->website;
$user->username;
$user->description;
$user->public_transit;
So $user->first_name; and $user->last_name; don't exist.
You could try something like this :
if(empty($user->first_name)&&empty($user->last_name)){
//probably company set $user->username;
}
I am implementing an authentication component,
This is my registration page
create('User',array('action' => 'login'));
echo $form->input('primary_email',array('size'=> 32));
echo $form->input('password',array('label' => 'Password'));
echo $form->input('remember_me',array('label' => 'Remember Me','type'=>'checkbox','checked' => 'false'));
echo $html->link('Forgot Password','/users/forgot/');
echo $form->end('Login');
// Javascripts
echo $javascript->link('jquery',false);
//echo $javascript->link('jquery.validate.js',false);
//echo $javascript->codeBlock($code, array('inline' => false));
?>
When I print the contents of $this->data the password field turns up empty.
How can I resolve this?
When I rename password to password2 or something else it works !!! Strange
this is because the Auth component removes the password from the data array (for security purposes). why would you want it to contain the password anyway? the remember me logic (which I assume you are using from the form fields) will handle logging someone in without the password.
I had the same issue and mrlanrat's suggestion worked for me.
Instead of trying to access $this->data['password'], you will need to access $this->Auth->data['password']
What basically happens is that the Auth component hashes the password and moves the hashed version into $this->Auth->data. The non-hashed version is deleted for security purposes.
So whenever you need to deal with data related to Auth component, make sure you're using $this->Auth->data and not $this->data.
I would like to see your login() function as well but indeed this problem seems weird. You can work around this by renaming your password field and then inside your login function do something like:
$this->data['password']=$this->Auth->password($this->data['User']['pwd']);
//now you can call $this->Auth->login and it will work
One thing you may be able to do is have the user confirm their password, and use it for the login function. I may be completely mis-reading what you're trying to accomplish, but if you have the user Confirm their password w/ a password 2 field, you can compare the two, and also use the starting state of the confirmation password for whatever it is that you're wanting to do.
So:
echo $form->input('password', array('label' => 'password'));
echo $form->input('password2', array('label' => 'Confirm Password'));
Inside of your logic for whatever you're wanting to accomplish, you can just put:
$morePermanentDataStorage = $this->data['User']['password2'];
if($this->data['User']['password'] == $this->Auth->password($this->data['User']['password2']) {
//function logic here
}
I am also assuming that your form logic from above actually starts with:
echo $form->create('User');
I had the same problem, Using $this->Auth->data['User']['user'] and $this->Auth->data['User']['password'] fixed it.
It looks like the auth controller removed the password from the data when it does its automagic.
I had the same problem and it was related to using the email field for login thru this method
$this->Auth->fields = array('username' => 'email', 'password' => 'password');
I couldn't resolve it, so I opted to include a username field on my database and now it works perfectly.
I had the same problem with some ExtJS authentication I was working on some weeks back.
A weird workaround is to go to /config/core.php and change the debug level temporarily e.g. change from Configure::write('debug', 0); to Configure::write('debug', 1); and then run your code - not necessarily the part with the Auth component - (and afterwards change the debug level back if you wish). $this->data['User']['password'] will now be populated with the hash value as intended.
What causes this in the first place still beats me :)
First of all, you need to comment the code Configure::write('Cache.disable', true); in the file core.php