CODEWITHSUNDEEP
phpauthenticationlaravellaravel-4
JelleP
JelleP

Reputation: 1004

Laravel authentication fails

I,ve just started with Laravel but i still have an problem with my authentication. I need to build my system on an existing database structure. The user table password uses md5 and i like to convert that to the Laravel Hash. But after converting the md5 password to hash the login fails with this new hash. I cannot find the solution for this problem.

Table

User model

use Illuminate\Auth\UserTrait;
use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableTrait;
use Illuminate\Auth\Reminders\RemindableInterface;

class User extends Eloquent implements UserInterface, RemindableInterface {

use UserTrait, RemindableTrait;

/**
* The database table used by the model.
*
* @var string
*/
protected $table = 'gebruikers';


/**
* The attributes excluded from the model's JSON form.
*
* @var array
*/
protected $hidden = array('wachtwoord');

}

Login controller

class LoginController extends BaseController {

    function starten(){

        $rules = array(
           'gebruikersnaam'    => 'required', // make sure the email is an actual email
           'wachtwoord' => 'required' // password can only be alphanumeric and has to be greater than 3 characters
        );


        $validator = Validator::make(Input::all(), $rules);

        if ($validator->fails()) {
           return Redirect::to('/')
            ->withErrors($validator) 
            ->withInput(Input::except('password'));
        } else {

            $user = User::where('gebruikersnaam','=',Input::get('gebruikersnaam'))                      
                            ->first();

            if(isset($user)) {

                if($user->wachtwoord == md5(Input::get('wachtwoord'))) {
                    $user->wachtwoord = Hash::make(Input::get('wachtwoord'));
                    $user->save();
                }

            }           

            $userdata = array(
                'gebruikersnaam'  => Input::get('gebruikersnaam'),
                'wachtwoord'  => Input::get('wachtwoord')
            );

            if (Auth::attempt($userdata)) {

                return Redirect::to('users/dashboard')
                                ->with('message', 'You are now logged in!');

           } else {   
                return Redirect::to('/')
                                ->with('message', 'Deze combinatie van gebruikersnaam en wachtwoord lijkt helaas niet te kloppen')
                                ->withInput();

           }

        }

    }

}

Auth

return array(


    'driver' => 'eloquent',

    'model' => 'User',

    'table' => 'gebruikers',

    'reminder' => array(

      'email' => 'emails.auth.reminder',

      'table' => 'password_reminders',

      'expire' => 60,

     ), 

    'username' => 'gebruikersnaam',
    'password' => 'wachtwoord',

);

Note: Input::get('wachtwoord') and Input::get('gebruikersnaam') are filled correctly by post in the controller. The md5 is correcly changed to the Laravel hash in my db so i cannot find the problem what i dealing with.

Note2: "gebruikersnaam" is dutch for username and "wachtwoord" is dutch for password

Note 3: i use Laravel 4

** EDIT **

Output $user

["attributes":protected]=> array(16) { ["id"]=> int(8681) ["gebruikersnaam"]=> string(22) "---" ["wachtwoord"]=> string(60) "$2y$10$i3bemDK9NzNf/E0jmliv/eBPrqhq/3s3WGPTX3h6WNCMlXcS5W51i" ["email"]=> string(22) "---" ["voornaam"]=> string(5) "Jelle" ["tussenvoegsel"]=> NULL ["achternaam"]=> string(4) "Pals" ["school_id"]=> int(110) ["telefoonnummer"]=> string(10) "0655684308" ["geslacht"]=> string(3) "man" ["geboortedatum"]=> string(19) "1990-03-22 09:00:00" ["groep_id"]=> int(8811) ["status"]=> string(1) "1" ["updated_at"]=> string(19) "2014-06-25 14:53:43" ["created_at"]=> string(19) "0000-00-00 00:00:00" ["remember_token"]=> string(0) "" }

**Found strange 000000 in updated_at **

enter image description here

Upvotes: 0

Views: 457

Answers (1)

alexrussell
alexrussell

Reputation: 14202

I think the issue is that you're using the default Eloquent user settings (UserTrait) which assume that your password field is 'password' (see here), but you're using 'wachtwoord'. As such, logins fail due to the lack of a value in the password column (due to the lack of the column entirely) to test passwords on.

In case you're thinking "but I clearly specify the password column in my auth config!" that's unfortunately a bit of a red herring - that part of the config is for if you use the standard DB auth, whereas you are using Eloquent auth (notice how, in your config, you have driver set to eloquent?), so you need to specify these fields in your model as per the interface.

Luckily, a class's own implementation overrides that of a trait, so you can theoretically keep the trait on your model, and just override the getAuthPassword method.

That said, that trait (and the remindable one) does very much assume you're using English names everywhere, so it may be worth you removing the two traits entirely (UserTrait and RemindableTrait) and writing your own versions of the interface methods, as you'll likely see the same thing happen if/when you use "remember me" or "forgotten password".

Edit: initial suggestion:

use Illuminate\Auth\UserTrait;
use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableTrait;
use Illuminate\Auth\Reminders\RemindableInterface;

class User extends Eloquent implements UserInterface, RemindableInterface
{
    use UserTrait, RemindableTrait;

    /**
     * The database table used by the model.
     *
     * @var string
     */
    protected $table = 'gebruikers';


    /**
     * The attributes excluded from the model's JSON form.
     *
     * @var array
     */
    protected $hidden = array('wachtwoord');

    /**
     * Override UserTrait#getAuthPassword
     */
    public function getAuthPassword()
    {
        return $this->wachtwoord;
    }
}

But, as I say, if you continue to use Dutch column names, you'll end up being better off dropping the traits entirely and implementing the methods yourself:

use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableInterface;

class User extends Eloquent implements UserInterface, RemindableInterface
{
    /**
     * The database table used by the model.
     *
     * @var string
     */
    protected $table = 'gebruikers';


    /**
     * The attributes excluded from the model's JSON form.
     *
     * @var array
     */
    protected $hidden = array('wachtwoord');

    /**
     * Get the unique identifier for the user.
     *
     * @return mixed
     */
    public function getAuthIdentifier()
    {
        return $this->getKey();
    }

    /**
     * Get the password for the user.
     *
     * @return string
     */
    public function getAuthPassword()
    {
        return $this->wachtwoord;
    }

    /**
     * Get the token value for the "remember me" session.
     *
     * @return string
     */
    public function getRememberToken()
    {
        return $this->aandenken_onthouden; // okay I made this up based on Google translate and some guesswork, use your own version!
    }

    /**
     * Set the token value for the "remember me" session.
     *
     * @param  string  $value
     * @return void
     */
    public function setRememberToken($value)
    {
        $this->aandenken_onthouden = $value;
    }

    /**
     * Get the column name for the "remember me" token.
     *
     * @return string
     */
    public function getRememberTokenName()
    {
        return 'aandenken_onthouden';
    }

    /**
     * Get the e-mail address where password reminders are sent.
     *
     * @return string
     */
    public function getReminderEmail()
    {
        return $this->email;
    }
}

Upvotes: 3

Related Questions