I am using in-built Registration and Login code in Laravel 5.1
What I am doing ?
I did the registration and credentials are being saved successfully.
What's the problem ?
When I try to do the login, it says "These credentials do not match our records."
In postLogin Method , I saw the code : $credentials = $this->getCredentials($request); and when I printed values in $credentials and found that the Password value is plain text.
May be that's the reason the below line when executes always says User not found
if (Auth::attempt($credentials, $request->has('remember'))) {
Please suggest me the path
You should use bcrypt to encrypt the user password.
$user = new App\User;
$user->email = 'test#test.com';
$user->password = bcrypt('plain-text-password');
$user->save();
The Hash::check method allows you to verify that a given plain-text
string corresponds to a given hash.
if (Hash::check('plain-text-password', $hashedPassword)) {
// The passwords match...
}
I made many changes in the Framework. Those changes were like adding new columns in the User Table and code changes. Also changed from password to Password. Then I realized that at Authenticatable class under getAuthPassword function, it had to be Password and not password
Related
Is there a way I can create the user with the hashed password, not plain password?
public function post(StoreUserRequest $request) {
User::create($request->validated());
return redirect()->route('frontend.login')->with('message', 'Your account has been created!');
}
See the hashing docs here https://laravel.com/docs/5.8/hashing
You may hash a password by calling the make method on the Hash facade
public function post(StoreUserRequest $request)
{
$userData = $request->validated();
$userData['password'] = Hash::make($request->input['password']);
User::create($userData);
return redirect()->route('frontend.login')->with('message', 'Your account has been created!');
}
What are you using to Hash your password? But also you can, because a hash in just a string. Your field password in DB, probably is a string too. You can use Laravel Auth too. This provide a full authentication system with one line on terminal
php artisan make:auth
I use a SQLite database instead of MySQL for authentication on my Laravel app. The registration works perfectly, but the login does not work correctly.
I get the following error:
These credentials do not match our records.
Please, help me to solve it!
When you register a new user, the password about to be stored must be encrypted with the bcrypt() helper, such as bcryp($request->password).
Otherwise the credentials will not match during login time.
Also, if you did not use the users migration packed with Laravel, the password field must be a minimum of 64 characters in lenght.
Add this code in your User model
/**
* Hash password by bcrypt before save in database.
*
* #param type $password
*/
public function setPasswordAttribute($password)
{
if (isset($password)) {
$this->attributes['password'] = bcrypt($password);
}
}
everything is working but you have to ensure that
your SQLite DB is not open somewhere else
if it will open in DB browser or any other such type of tool just close that and try again later
will work fine
please please someone help me , my boss would kill me , this code is not working in laravel , because password is hashed , it is bcryted , how do i compare and get my us_id ( wich stands for username_id ) , the one that tried to login but has the wrong password , do you have any suggestioin , what i'm trying to do is very simple , i'm trying to understand if the user entered a wrong password but his/her username is right . i am beginner . sorry for that :( . i know this won't work , but what should i do to understand if the user entered a wrong password ?
public function login(Request $request, Logs $logs)
{
$password = $request->input('password');
$myuser = \DB::table('users')->where('password', $password)->first();
if (\Hash::check($password, $myuser->password)) {
$logdata = $myuser->id;
$logs->insert($logdata);
return view('MainPages.example', ['pass' => $password]);
}
}
The password is hashed by Laravel, so use the Hash::check() method:
if (\Hash::check($password, $myuser1->password)) {
The Laravel Hash facade provides secure Bcrypt hashing for storing user passwords. If you are using the built-in LoginController and RegisterController classes that are included with your Laravel application, they will automatically use Bcrypt for registration and authentication.
https://laravel.com/docs/5.5/hashing
You can't expect this to work.
Passwords are stored encrypted. Multiple people could theoretically have the exact same password, but none of them would look identical when stored. Therefore you don't know what to look for in the record, even if you know what password you are looking for because you don't know what salt was used for the particular record where it is stored.
You just can't retrieve a record on a password lookup like this. Rather, you have to retrieve the record first (based on some other key, eg. username or id) and then see if the password encrypts to match from the given password that has the ever important salt.
2 and I am having a problem while i register and login a user.
I worked on codeigniter as following code has been used to store password and hash:
array('user_login_salt' => md5($time_now),'user_login_password' => md5(md5(md5($time_now) . $password)),
'user_password_hash' => $this->encrypt->encode($password, md5(md5(md5($time_now) . $password))),
'user_security_hash' => md5($time_now . $password))
and when i log in the use then check the password as per condition as follows:
md5(md5(strtolower($this->encrypt->decode($user_details_array['user_password_hash'], $user_details_array['user_login_password']))))=== $user_password..
Now in laravel I want to do the exact same thing for register a user and user login. What i need exactly is i need to store user login salt, user login password, user password hash and user security hash. Security hash must be 32 character long exactly..
So please looking for any solution which registers the user in the same way and login by user_password_hash...
Thank you
Solution 1: Use Laravel build-in auth for login, logout
- In Console run
php artisan make:auth
This command creates users table, UserController and User Model. Now you can access yoururl/login,..etc
Solution 2: Handle manually with Hash in Laravel. Ex: In Controller
- Hash password
$hashedPassword = \Hash::make($password);
- Compare password
// Return true if password matches hash
$check = \Hash::check('plain-text-password', $hashedPassword)
So, I'm switching over to laravel for my site. My old site currently holds around 500 users. Each user has a md5 hash attached to them, as the password (duh ^^).
As I'm switching over to laravel, I wish to use the Auth::attempt
unfortunately it uses its own method to hash password strings. I don't want all my users to change their password, because I'm switching to laravel, is it possible to make the Auth class use md5 instead, so my users don't have to switch password? :)
If yes, can someone show me how?
MD5 is horribly outdated. I recommend that you don't try to keep it.
Instead, when a user first logs in, and Auth::attempt fails, you should then try to compare their password to the database as MD5
$user = User::where('username', '=', Input::get('username'))->first();
if(isset($user)) {
if($user->password == md5(Input::get('password'))) { // If their password is still MD5
$user->password = Hash::make(Input::get('password')); // Convert to new format
$user->save();
Auth::login(Input::get('username'));
}
}
Don't use md5 for password hashing. Even the php manual warns against it: "Warning It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm.".But in your case you can use the below snippet in your project
$user = User::where([
'login_id' => $request->login_id,
'password' => md5($request->password)
])->first();
if ($user) {
Auth::login($user);
return redirect()->intended('home')->withSuccess('User Signed in');
}