I'm getting a strange problem with Laravel.
After creating a user normally, user can login the first time but after this, Auth::attempt
always fails. I can only login again by updating the user password via code and when I check database all passwords are hashed properly.
I can't seem to understand why this is happening. Here's my code
Register method
$user = new User;
$user->username = Input::get('username');
$user->email = Input::get('email');
$user->password = Input::get('password');
$user->save();
$general = Role::find(3);
$user->roles()->attach($general->id);
Login Method
$username = Input::get('username');
$pwd = Input::get('password');
if (!($pwd && $username)) {
return Redirect::intended('user/login')->withMessage('Emtpy username/password')->withInput();
}
if (Auth::attempt(array('username' => $username, 'password' => $pwd))){
return Redirect::intended('user/dashboard');
}
elseif (Auth::attempt(array('email' => $username, 'password' => $pwd))) {
return Redirect::intended('user/dashboard');
}
else {
return Redirect::intended('user/login')->withMessage('Incorrect username/password')->withInput();
}
User Model
public static function boot()
{
parent::boot();
static::saving(function($data) {
$data->password = Hash::make($data->password);
unset($data->password_confirmation);
return true;
});
}
The attempt method accepts an array of key / value pairs as its first argument. The password value will be hashed. The other values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column.
Laravel authentication offers remember me functionality out of the box. In order to use it you need to do 2 things: add remember_token column in your users table - this is where the token will be stored. pass true as a second parameter of Auth::attempt() to enable remember me behaviour.
How do I enable authentication in Laravel? You need to Install the laravel/ui Composer bundle and run php artisan ui vue –auth in a new Laravel application. After migrating your database, open http://your-app.test/register or any other URL that's assigned to your application on your browser.
In the user login controller in the login module, there are the following codes: $loggedIn = $this->auth->login( [ 'email' => $request->email, 'password' => $request->password, ], (bool) $request->get('remember_me', false) );
The problem is you are using the wrong event listener.
You have incorrectly hooked into the save
event, which is called every time there is a change to the user model (i.e. on both creating
and updating
).
This means every time the user logs in, and does some action (update login count, change their first name etc) - it causes the model to re-hash the already hashed password, thus rendering it broken.
There are two options to fix this.
Option one is to change the event to only work on the creating
event. But this means later on when you need to update the user password, it will not be re-hashed correctly, so option 2 is better.
Option 2 is to not use any event, and just use a mutator function - which is designed for this exact situation.
class User extends Eloquent {
public function setPasswordAttribute($value)
{
$this->attributes['password'] = Hash::make($value);
}
}
This way, no matter where/when someone changes the user password, it will be hashed, but only when a change is actually needed.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With