Reputation: 561
I'm having trouble getting the Authentication to work with Laravel 4. This is my whole sign in function when a user enters their email and password into the form.
    public function getSignin() {
        $return_arr = array();
        $email = Input::get('email');
        $password = Input::get('password');
        $validation = Validator::make(
            array(
                'Email' => $email,
                'Password' => $password
            ), array(
                'Email' => 'required|Email',
                'Password' => 'required'
            )
        );
        if ($validation->passes()) {
            $pass = base64_encode($password);
            $details = array ('email' => $email, 'password' => $pass);
            if (Auth::attempt($details)) {
                $return_arr['frm_check'] = 'success';
                $return_arr['msg'] = 'logged in';
            } else {
                $return_arr['frm_check'] = 'error';
                $return_arr['msg'] = 'log in failed';
            }
        } else {
            $errors = $validation->messages();
            $return_arr['frm_check'] = 'error';
            $return_arr['msg'] = $errors->first();
        }
        echo json_encode($return_arr);
        $this->layout = null;
        return;
    }
Even though the email and password are in the same row in the database, it still returns log in failed. I was wondering if anyone could shed some light on this situation?
If I've missed off any other crucial details let me know and I'll post them right away. Thanks in advance.
Upvotes: 0
Views: 1188
Reputation: 161
Here's a tutorial I wrote, which might help!
https://medium.com/on-coding/e8d93c9ce0e2
Upvotes: 0
Reputation: 87789
Unless you have base64 encoded your password on save(), remove this line from your code:
$pass = base64_encode($password);
And edit this one to:
$details = array ('email' => $email, 'password' => $password);
Auth::attempt() will hash it for you, using something safer than base64.
EDIT:
To correctly save your passwords you have to do something like this:
$user = new User;
$user->email = '[email protected]';
$user->password = Hash::make('mySuperSecretPassword');
$user->save();
Then you can use attempt just passing it unhashed.
Upvotes: 0
Reputation: 10794
Based on your comments...
When you're creating your $user, use Hash::make($password) to hash the password using BCrypt, before saving it in your db.
Then, when the user's logging in just use Auth::attempt($credentials) as you are, but don't use base_64 to encrypt it, the Auth method does it all for you!
Much more on the excellent Laravel docs: http://laravel.com/docs/security
Upvotes: 3
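Why every combination involving base64 fails while plain text checked against a bcrypt hash succeeds, as an added example that is not from any of the posts above. It is plain PHP in which password_hash() and password_verify() stand in (as an assumption) for Hash::make() and the check behind Auth::attempt(); the emails, password and helper names are constructed.

```php
<?php
// Added illustration: plain PHP, no Laravel required. All names are hypothetical.

// Constructed "users table": one row saved as a bcrypt hash, one saved the way
// the question's code implies (base64 of the password in the password column).
$users = [
    'good@example.test'   => ['password' => password_hash('s3cret-pass', PASSWORD_BCRYPT)],
    'legacy@example.test' => ['password' => base64_encode('s3cret-pass')],
];

// Stand-in for the credential check: look the user up by email, then verify
// the submitted plain-text password against the stored value.
function attempt(array $users, string $email, string $password): bool
{
    if (!isset($users[$email])) {
        return false;
    }
    return password_verify($password, $users[$email]['password']);
}

// True when the stored value is not a bcrypt hash (e.g. base64 or plain text).
function isNotBcrypt(string $stored): bool
{
    return password_get_info($stored)['algoName'] !== 'bcrypt';
}

$b64 = base64_encode('s3cret-pass');
$cases = [
    'plain input vs bcrypt row'  => attempt($users, 'good@example.test', 's3cret-pass'),
    'base64 input vs bcrypt row' => attempt($users, 'good@example.test', $b64),
    'plain input vs base64 row'  => attempt($users, 'legacy@example.test', 's3cret-pass'),
    'base64 input vs base64 row' => attempt($users, 'legacy@example.test', $b64),
];
foreach ($cases as $label => $ok) {
    printf("%-28s %s\n", $label, $ok ? 'logged in' : 'log in failed');
}

// Audit pass: list rows whose password column has to be reset and re-saved as a hash.
foreach ($users as $email => $row) {
    if (isNotBcrypt($row['password'])) {
        echo "needs re-hash: $email\n";
    }
}
```

The last case is the one from the question: the submitted and stored strings are identical, yet the check fails because the stored value is not a hash that the verifier can parse.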