Currently, when a user logs into my Laravel app I use the following rules...
// Validation rules
$rules = array(
'email' => 'required|email|exists:users,email',
'password' => 'required'
);
What I'm looking for is a validation rule for checking the password against the user.
From docs:
if (Auth::attempt(array('email' => $email, 'password' => $password))) {
return Redirect::intended('dashboard');
}
Example:
$userdata = array(
'email' => Input::get('email'),
'password' => Input::get('password')
);
$rules = array(
'email' => 'required|email|exists:users,email',
'password' => 'required'
);
// Validate the inputs.
$validator = Validator::make($userdata, $rules);
// Check if the form validates with success.
if ($validator->passes()) {
// Try to log the user in.
if (Auth::attempt($userdata)) {
// Redirect to homepage
return Redirect::to('')->with('success', 'You have logged in successfully');
} else {
// Redirect to the login page.
return Redirect::to('login')->withErrors(array('password' => 'Password invalid'))->withInput(Input::except('password'));
}
}
Related
I do not know how i can generate custom secret key for each user when they register. I do not want to use passport, i just want to generate custom .
Here is my code
public function register(Request $request)
{
// $validated = $request->validate([
// 'username' => 'required',
// 'phonenumber' => 'required|digits:10|unique:users',
// 'password' => 'required|string',
// 'device_serial_number' => 'required'
// ]);
$user = User::create([
'username' => $request->username,
'phonenumber' => $request->phonenumber,
'device_serial_number' => $request->device_serial_number,
'password' => bcrypt($request->password)
]);
if($user)
{
// $token = $user->createToken('Laravel Password Grant Client')->accessToken;
$user_secret_key = Str::random(60);
$user->user_secret_key = hash('sha256', $user_secret_key);
return response()->json(['token' => $token], 200);
} else{
return response('error');
}
$user = User::create([
'username' => $request->username,
'phonenumber' => $request->phonenumber,
'device_serial_number' => $request->device_serial_number,
'password' => bcrypt($request->password),
'user_secret_key' => Str::random(60);
]);
if($user){
$token = $user->user_secret_key;
return response()->json(['token' => $token], 200);
} else{
return response('error');
}
I have the following 2 methods to create and login a user in my API. I cannot login the user. These files are in the api.php within the routes folder. If I leave off the bcrypt($password) within the User::Create() method it still seems to hash the password somehow does the User::Create() method automatically hash the password. I am wondering if it is getting double hashed somehow.
Route::post('/register', function( Request $request){
$rules = [
'name' => 'required|max:255|alpha_dash|unique:users',
'email' => 'required|email|max:255|unique:users',
'password' => 'required|confirmed|min:6',
];
$input = $request->only(
'name',
'email',
'password',
'password_confirmation'
);
$validator = Validator::make($input, $rules);
if($validator->fails()) {
$error = $validator->messages();
return response()->json(['success'=> false, 'error'=> $error]);
}
$name = $request->name;
$email = $request->email;
$password = $request->password;
$user = User::create(['name' => $name, 'email' => $email, 'password' => bcrypt($password), 'api_token' => md5($email)]);
return response()->json(['success'=> true, 'data'=> $user]);
});
Route::post("/login", function (Request $request){
$rules = [
'email' => 'required|email',
'password' => 'required',
];
$input = $request->only('email', 'password');
$validator = Validator::make($input, $rules);
if($validator->fails()) {
$error = $validator->messages();
return response()->json(['success'=> false, 'error'=> $error]);
}
$email = $request->email;
$password = bcrypt($request->password);
if(\Auth::Attempt(['email' => $email, 'password' => $password])){
///How to get USER to return with Response
return response()->json(['success' => true]);
}else{
return response()->json(['success' => false, 'error' => 'Invalid Credentials', 'password' => $password, 'email' => $email]);
}
});
You bcrypt($request->password) but if you Auth::Attempt(['email' => $email, 'password' => $password]), laravel automatically hash the value.
So try in your login route just $password = $request->password;
From the docs:
The attempt method accepts an array of key / value pairs as its first argument. The values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column. If the user is found, the hashed password stored in the database will be compared with the password value passed to the method via the array. You should not hash the password specified as the password value, since the framework will automatically hash the value before comparing it to the hashed password in the database. If the two hashed passwords match an authenticated session will be started for the user.
So this is what i came up with to "log the user in".
Route::post("/login", function (Request $request){
$rules = [
'email' => 'required|email',
'password' => 'required',
];
$input = $request->only('email', 'password');
$validator = Validator::make($input, $rules);
if($validator->fails()) {
$error = $validator->messages();
return response()->json(['success'=> false, 'error'=> $error]);
}
$email = $request['email'];
$password = $request['password'];
$user = User::where('email', $email)->first();
if($user){
if(\Hash::check($password, $user->password)){
return response()->json(['success' => true, 'user' => $user]);
}else{
return response()->json(['success' => false, 'error' => 'Invalid Credentials']);
}
}else{
return response()->json(['success' => false, 'error' => 'Invalid Credentials']);
}
});
I'm Laravel Beginner
I make some web application using laravel 4.2 then I make login page but when I try to login it's go to login fail condition every time
anyone tell why
here is my code
public function doLogIn(){
$rules = array(
'username' => 'required|min:3',
'password' => 'required|min:3'
);
$validator = Validator::make(Input::all(), $rules);
if ($validator->fails()) {
return 'Wrong Require';
}
else{
$user = array(
'username' => Input::get('username'),
'password' => Hash::make(Input::get('password'))
);
$password = Hash::make('password');
if (Auth::attempt($user))
{
return View::make('home.home');
}
else
{
return 'Wrong Password';
}
}
}
$user = array(
'username' => Input::get('username'),
'password' => Input::get('password')
);
You must remove Hash::make() in Auth::attempt(), because Laravel makes hashing automatically (I suppose that you register user with Hash::make(Input::get('password'))).
I am trying to make back-end validation for my form however it does not work. It always shows that validation failed even when I submitted the values.
Code
$validation = Validator::make(Input::all(), array(
array('email' => 'required'),
array('password' => 'required')
));
if ($validation->fails()) { // This is always failing
echo '<pre>';
print_r(Input::all());
die();
}
die('everything is OK!');
Output
Array
(
[_token] => ZnzZ2aDoTABIZZkvwxZoa7IjHkvK25ndibis5AbA
[email] => somedata
[password] => somemoredata
)
As you can see it failed even tho it clearly showed from Input:all() that values are set.
Try this :
$validation = Validator::make(Input::all(), array(
'email' => 'required',
'password' => 'required'
));
Not double array as you did :
$validation = Validator::make(Input::all(), array(
array('email' => 'required'), // Is shouldn't be an array here.
array('password' => 'required')
));
Change:
$validation = Validator::make(Input::all(), array(
array('email' => 'required'),
array('password' => 'required')
));
to
$validation = Validator::make(Input::all(), array(
'email' => 'required|email', // Note that I added in valid email rule here also
'password' => 'required'
));
I have a page setup to reset the user's email address password and the users zip_code for an application. I have it working correctly however, if for example I want to just change the zip code my validation will not allow it due to it reading the email as already existing in the database and returns an error. What is the best way around this? I could create a controller for each field and do it individually but I feel there is some if statement I could use maybe?
Controller:
enter
public function getEditUser() {
$userdata = array(
'email' => Input::get('email'),
'password' => Input::get('password'),
'confirm_password' => Input::get('confirm_password'),
'user_zip_code' => Input::get('user_zip_code')
);
$rules = array(
'email' => 'required|email|unique:users,email',
'password' => 'required|min:5',
'confirm_password' => 'required|same:password',
'user_zip_code' => 'required'
);
$validation = Validator::make($userdata, $rules);
if ($validation->fails()) {
return Redirect::to('dashboard/edit/account')->withErrors($validation)
->withInput();
}
$userdata['password'] = Hash::make($userdata['password']);
$userdata['confirm_password'] = Hash::make($userdata['confirm_password']);
User::find(Auth::user()->id)->update($userdata);
return Redirect::to('dashboard');
}
Unique needs to be in place obviously so it doesn't get matched with another account
Also my email is set through Auth..Auth::user()->email if that helps
You can set the validation unique rule to ignore the current id
$rules = array(
'email' => 'required|email|unique:users,email,'.Auth::user()->id,
'password' => 'required|min:5',
'confirm_password' => 'required|same:password',
'user_zip_code' => 'required'
);
See here for more info from the docs