i am using laravel manual authentication system.Submitting the form redirects to this route shown below.And in the authenticate () function the name and password never matches to which i stored earlier. i.e. Auth::attempt
is always false.
Route::post('/logintest', 'mycontroller@authenticate');
Route::get('/home', ['middleware' => 'auth', function() {
echo "home page";});
}]);
authenticate function:
public function authenticate(Request $request)
{
$input=$request->all();
$password=$input['password'];
$name=$input['name'];
if (Auth::attempt(['Name' => $name, 'Password' => $password]) ){
return redirect()->intended('/home');
} else
{
return redirect('/login')->with('message','Error logging in!');
}
}
I've registered the user this way. the password is hashed using bcrypt(). function. but in authenticate() function i am comparing with plain password. i somewhere read Auth
automatically handles it. OR Is there something should i change in config/auth.php because i've used name to authenticate instead of username?
public function register(Request $request)
{
$input=$request->all();
$password=bcrypt($input['password']);
$name=$input['name'];
$insert= User::insert(['Name'=>$name,'Password'=>$password]);
return redirect('/login')
->with('message','successfully Registered.');
}
There is a problem with the names. Auth@attempt
takes all those credentials, except password
(case sensitive), that you pass in that array and runs a where query (This is how you can add extra constraints to the attempt, as they are just where conditions). If it finds a model it then will do a hash check on the password
credential (case sensitive) you passed and the model's hashed password which it gets from $model->getAuthPassword()
.
This field in the credentials is a special one as it is what Auth needs so it knows what field in the credentials is meant to be the password. It does not correlate directly to the field you have used on your users
table, and must be named password
in the credentials array. The other fields in the credentials you pass, besides 'password', do correlate directly to the fields on the users table as they are conditions for a database query on that table.
You have to declare in your User model if you are using a field other than 'password' on the table as the password. In your case you are using 'Password'. (this is all case sensitive)
class User ....
{
...
public function getAuthPassword()
{
return $this->Password; // case sensitive
}
...
}
When passing the credentials you pass the plain text password as there will be a hash_check
happening, not a direct comparison.
You can name the fields what ever you want on your actual table, you just have to make Eloquent aware of this.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With