Menu
I have id and password, in table account. I'll login with id and password. And the results is bad
auth.php
'driver' => 'database',
'model' => 'Pass',
'table' => 'account',
models/Pass.php
use Illuminate\Auth\UserTrait;
use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableTrait;
use Illuminate\Auth\Reminders\RemindableInterface;
class Pass extends \Eloquent implements UserInterface, RemindableInterface
{
use UserTrait, RemindableTrait;
protected $table = 'account';
PassController.php
public function authenticate()
{
$userdata = array( 'id' => Input::get('id'), 'password' => Input::get('password'));
if(Auth::attempt($userdata))
{
echo 'oke';
}
else
{
echo 'bad';
}
}
in views
{{Form::open(array('action' => 'PassController@authenticate')) }}
...
routes.php
Route::post('book/auth', 'PassController@authenticate');
How to resolve this? I use laravel 4.2
523
You definitely should, no you basically have to store passwords hashed. Having plain text passwords in your db is a major security risk.
Now obviously you need to hash the password when creating a new user. (in your registration controller or something like that).
However to change your existing password manually you can use artisan tinker to generate a hash.
php artisan tinker
> echo Hash::make('your-secret-password');
Then copy the hash and update it in your db.
Also make sure that the password field in your database is at least 60 characters long otherwise the hash will be truncated.
Try this one for testing:
public function authenticate()
{
$user = Pass::find(Input::get('id'));
if(Hash::check(Input::get('password'), $user->password))
{
echo 'oke';
}
else
{
echo 'bad';
}
}
If your hashed password colummn is called hashed_pass (or anything else than password) you need to specify that in your model:
public function getAuthPassword()
{
return $this->hashed_pass;
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
