I have a big problem with creating users from the admin panel;
Users are created correctly, but they do not work on the main page ..
Then I create an admin type user and I will log in with the main page and I get an error: 'those credentials do not match our records'
which is the error?
admin/userController
public function store(SaveUserRequest $request)
{
$data = [
'name' => $request->get('name'),
'last_name' => $request->get('last_name'),
'email' => $request->get('email'),
'user' => $request->get('user'),
'password' => $request->get('password'),
'type' => $request->get('type'),
'active' => $request->has('active') ? 1 : 0,
'address' => $request->get('address')
];
$user = User::create($data);
$message = $user ? 'Usuario agregado correctamente!' : 'El usuario NO pudo agregarse!';
return redirect()->route('admin.user.index')->with('message', $message);
}
It seems you do not hash your password, when saving the user (you can verify this by looking in the users table in your database and check if you can see the clear text in the passwords column for your users).
To correct this, just replace
'password' => $request->get('password'),
with
'password' => bcrypt($request->get('password')),
in your $data array.
Hope that helps!
Related
okay, this is my first time to ask a question here so please give grace if it's not very clear. Anyway, I have this code in Laravel Billing.php.
Is this correct? Whenever a new customer is created, it doesn't have it's user email address but instead this unknown#domain.com was assigned to the user.
This was set by my previous developer. But ever since we hired him for just simple fix, we've had numerous issues with the site.
$stripeCustomer = StripeCustomer::create([
'email' => $currentCustomer->email ? $currentCustomer->email : 'unknown#domain.com',
'description' => $company->name,
'metadata' => [
'company_id' => $company->id,
'card_owner_email' => $currentCustomer->email ? $currentCustomer->email : false,
'company_name' => $company->name,
],
]);
You can remove customer email from the StripeCustomer when creating since stripe API said that email field of customer is optional. Here is the reference link
Here what you should fix:
$customerObject = [
'description' => $company->name,
'metadata' => [
'company_id' => $company->id,
'company_name' => $company->name,
],
];
if ($currentCustomer->email) {
$customerMetadata["metadata"]["card_owner_email"] = $currentCustomer->email;
$customerObject["email"] = $currentCustomer->email;
}
$stripeCustomer = StripeCustomer::create($customerObject);
I used Laravel's guide to authenticating users manually at this link:
https://laravel.com/docs/7.x/authentication#remembering-users
and now I want to log every login's browser, version, platform, and ip.
My function on login:
public function store(Request $request)
{
$this->validate($request, [
'username' => 'required',
'password' => 'required'
]);
if (Auth::guard('admin')->attempt(['username' => $request->username, 'password' => $request->password, 'status' => 1], $request->remember)) {
$browserDetails = get_browser($request->header('User-Agent'), true);
LoginHistory::create([
'user_id' => auth()->guard('admin')->user()->id,
'user_type' => '2', // Admin = 2
'browser' => $browserDetails['browser'],
'browser_version' => $browserDetails['version'],
'platform' => $browserDetails['platform'],
'ip_address' => $request->ip()
]);
return redirect()->route('admin.dashboard');
}
return redirect()->back()->withErrors('Username or password incorrect.');
}
but I am getting:
ErrorException
Trying to get property 'id' of non-object
on this line:
'user_id' => auth()->guard('admin')->user()->id,
What should I do? The authentication works if I try to access login it will redirect me to dashboard so the session is created, but why can I not access the user id inside this function? It works on the edit admins page showing user id and all information.
use auth()->user()->id. when attempt () is executed and this is successful it performs the authentication
I got this code in laravel that allows an administrator to update an user's password:
public function editarmembro(Request $dados) {
$validatedData = $dados->validate([
'name' => 'required',
'email' => 'required',
'credencial' => 'required',
]);
$dados = $dados->all();
if (!empty($dados['password'])) {
$dados['password'] = Hash::make($dados['password']);
}
DB::table('users')->where('id', $dados['id'])->update(
[ 'name' => $dados['name'], 'email' => $dados['email'], 'credencial' => $dados['credencial'], 'password' => $dados['password'], 'sobre' => $dados['sobre'], 'updated_at' => Carbon::now(), ]
);
return redirect()->route('membros')->with('mensagemSucesso', 'As informações do membro "'.$dados['name'].'" foram atualizadas com sucesso.');
}
My problem is, if he left the password field blank, i get an error screen saying that the password field cannot be NULL. I want my code to NOT update the password if he left the password field blank, but DO update if he inserts something in password field.
Help, pls.
You can remove it from the $dados array if it's empty:
if (!empty($dados['password']))
$dados['password'] = Hash::make($dados['password']);
else
unset($dados['password']);
or with ternary operator
!empty($dados['password'])? $dados['password'] = Hash::make($dados['password']): unset($dados['password']);
and since all the names of the fields match those of the request and the updated_at field should auto-complete, you don't need to reassemble the array for the update.
DB::table('users')->where('id', $dados['id'])->update($dados);
If you want to reassemble the array anyway, you can do so
$update_dados = [
'name' => $dados['name'],
'email' => $dados['email'],
'credencial' => $dados['credencial'],
'sobre' => $dados['sobre'],
'updated_at' => Carbon::now(),
];
if (!empty($dados['password']))
$update_dados['password'] = Hash::make($dados['password']);
DB::table('users')->where('id', $dados['id'])->update($update_dados);
You just need to merge to the array with all the values (except the password) the password only if exists / is set:
$your_array = [
'name' => $dados['name'],
'email' => $dados['email'],
'credencial' => $dados['credencial'],
'sobre' => $dados['sobre'],
'updated_at' => Carbon::now(),
];
DB::table('users')->where('id', $dados['id'])->update(
empty($dados['password']) ? $your_array : array_merge($your_array, ['password' => $dados['password']])
);
When I register a user, using Laravels built in controller Auth\RegisterController.php, everything works great and I'm immediately logged in.
The problem is when I logout and try to login via Auth\LoginController.php, It shows that the password is incorrect.
Code looks like this:
RegisterController.php
$user = $this->create([
'name' => $request['name'],
'email' => $request['email'],
'password' => Hash::make($request['password']),
]);
LoginController.php
if(!Auth::attempt(request(['email', 'password']))) {
return back()->withErrors([
'message' => 'Wrong Emial or Password!'
]);
}
I've checked the database and everything seems ok.
What is also weird about this problem, is when I hash the password ( using Hash::make('password') ) with php artisan tinker and then replace it in the database for the same user, everything works...
You shouldn't send a hashed password to the create() function, the function takes care of that. The reason you can't login is because you hashed the password twice.
$user = $this->create([
'name' => $request['name'],
'email' => $request['email'],
'password' => $request['password'],
]);
I'm developing an API for an application that I'm creating. This application will get all the information from this API (first will auth the user, then get information)
Right now, I'm trying to make the user send a username and password to the API, it validates the information and returns if it's "ok" or "not", very simple to start only. I know all the security involved in this, just need to get this working.
Already managed to send the username and passsword on the API Side (and i'm 100% sure that the data is correctly saved). Though, when I call
$this->Auth->identify($this->request->data);
It always returns false to me (already tried with parameters and without, result is the same).
I'm using the HttpRequester, firefox plugin, to send information.
I've did a debug of $this->request->data to see if the information is correct, and it is. Can't do a find on database since the password is being hashed.
The database password field is a varchar with 300 length (already tried with 255, also no work)
Thanks for the help
EDIT:
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'fields' => [
'username' => 'email',
'password' => 'password'
]
],
]
]);
if($this->request->is('POST')){
//debug($this->request->data);
$user = $this->Auth->identify($this->request->data);
}
Users Table:
protected $_accessible = [
'*' => true,
];
/**
* Hash password
*
*/
protected function _setPassword($password)
{
return (new DefaultPasswordHasher)->hash($password);
}
protected function _getFullName()
{
if(isset($this->_properties['full_name'])){
return ucwords(mb_strtolower($this->_properties['full_name']));
}
}
ps: Also tried doing the following (replacing the variables form post, but also no luck)
$this->request->data['username'] = "xxxx";
$this->request->data['password'] = "zzzz";
Problem is here
'Form' => [
'fields' => [
'username' => 'email', //email is your database field
'password' => 'password' // password is your database field name
]
],
Your code should be
'Form' => [
'fields' => [
'username' => 'username',
'password' => 'password'
]
],
Details check Configuring Authentication Handlers