Simple authentication with Laravel 4

Question

I'm trying to make the simple way laravel authentication but i'm can't make works fine. Seems like the attempt doesn't work.

My auth.php

'driver' => 'eloquent',
        'model' => 'User',
        'table' => 'users',
            'reminder' => array(
               'email' => 'emails.auth.reminder', 'table' => 'password_reminders',
            ),

UserController.php

I alerady read that we need to save the password with the Hash::make();. So its already done.

public function signin() 
    {

    $username = Input::get('username');
    $password = Input::get('password');

    $users = User::where('username', $username)->get();

    try {
        if (!sizeof($users))
            throw new Exception('Oops! Username or password don't match.');

        $user = $users[0];

        if (!$user)
            throw new Exception('Oops! Username or password don't match');

        if(Hash::check($password, $user->password))
            throw new Exception(Oops! Username or password don't match);

        Auth::attempt(array('name'=>$user->name, 'email'=>$user->email, 'password'=>$user->password));

        if (Auth::check())
        {
                throw new Exception('Works fine');
        }

        $this->success = 'YES';

    } catch (Exception $e) {
        $this->message = $e->getMessage();
    }

    return Response::json(array('success' => $this->success, 'message' => $this->message));
}

login.blade.php

  <body>

    <div class="container">


      <form class="form-signin" role="form" onsubmit="return false;">
      {{ Form::token(); }}
        <h2 class="form-signin-heading">Login</h2>
        <input id="username" type="text" class="form-control" placeholder="Username" required autofocus>
        <input id="password" type="password" class="form-control" placeholder="Senha" required>
        <label class="checkbox">
          <input type="checkbox" value="remember-me"> Manter conectado
        </label>
        <button id="btn-signin" class="btn btn-lg btn-primary btn-block" type="submit">Entrar</button>
      </form>

    </div>

  </body>

  <script src="//code.jquery.com/jquery.js"></script>
  <script src="//netdna.bootstrapcdn.com/bootstrap/3.0.2/js/bootstrap.min.js"></script>
  <script src="//cdnjs.cloudflare.com/ajax/libs/jasny-bootstrap/3.0.1-p7/js/bootstrap.min.js"></script>

  <script type="text/javascript">

jQuery(document).ready(function($) {

$("#btn-signin").click(function() {     

    $.ajax({
            url: "/intranet/public/user/signin",
            type: "POST",
            data: {username: $("#username")[0].value, password: $("#password")[0].value},
            context: document.body, 
            success: function(json, status, xhr) {

                var message;

                if (json.success=="YES") {
                    window.location = "{{ url('/home')}}";
                } else {
                    alert(json.message);
                }
            }, 
            error: function(evt) {
                var response = jQuery.parseJSON(evt.responseText);
                alert(response.error.type+': '+response.error.message)
            }
        });
    });
});         

Answer 1

I think you're doing too much and I could see some problems, in my opinion this is enough:

public function signin() 
{
    $username = Input::get('username');
    $password = Input::get('password');

    $user = User::where('username', $username)->first();

    $this->message = '';

    try {

        if ( ! $user || ! Auth::attempt(array('email' => $user->email, 'password' => $password)) )
        {
            throw new Exception("Oops! Username or password don't match");
        }

        $this->success = 'YES';

    } catch (Exception $e) {
        $this->message = $e->getMessage();

        $this->success = 'NO';
    }

    return Response::json(array('success' => $this->success, 'message' => $this->message));
}

Answer 2

if(Hash::check($password, $user->password))

should be

if( ! Hash::check($password, $user->password))