CODEWITHSUNDEEP
authenticationlaravellaravel-4
Milkncookiez
Milkncookiez

Reputation: 7407

Cannot authenticate session - laravel 4.2

if(Auth::attempt(['username' => Input::get('username'), 'password' => Input::get('password')])){
    return Auth::user();
}
return 'Failed!';

That is the problematic code and I am sure the problem is in the Auth::attempt line. I have found other topics about this, but neither of them had a solution. I.e.: https://laracasts.com/forum/?p=1314-laravel-from-scratch-authentication-lesson-help/0

My User model implements the UserInterface and I have also put use Illuminate\Support\Facades\Auth as Auth; in the controller, in case it is not recognized in the Auth::attempt part. Nevertheless, it doesn't work both with and without the use ....

I tried also with 

Auth::attempt(Input::only('username', 'password'))

And I always get to the Failed! part...

The password is stored as hashed string in the DB, and when I debug with the following:

echo Input::get('username') . "____" . Input::get('password');
die();

I get the correct results. So, I can't think of anything else than that the problem must occur in the ::attempt function.

Any sussgestions?

**Update: ** The User model

use Illuminate\Auth\UserTrait; use Illuminate\Auth\UserInterface; use Illuminate\Auth\Reminders\RemindableTrait; use Illuminate\Auth\Reminders\RemindableInterface;

class User extends Eloquent implements UserInterface, RemindableInterface {

    use UserTrait, RemindableTrait;

    protected $fillable = [
        'username',
        'password',
        'email'
    ];

    public static $rules = [
        'username' => 'required',
        'password' => 'required',
        'email'    => 'required'
    ];

    public static $error_messages;

    /**
     * The database table used by the model.
     * @var string
     */
    protected $table = 'users';

    /**
     * The attributes excluded from the model's JSON form.
     * @var array
     */
    protected $hidden = ['password', 'remember_token'];

    public static function isValid($input)
    {
        $validation = Validator::make($input, static::$rules);
        if ($validation->passes()) return true;

        static::$error_messages = $validation->messages();

        return false;
    }

Upvotes: 1

Views: 150

Answers (1)

Milkncookiez
Milkncookiez

Reputation: 7407

I found the reason for the problem:

Interesting enough, it was in the DB. The password column had a limit of 15 characters, whereas the hash coded password value has tens of characters. Therefore the hashing of password value, taken from the input, was not fully saved in the DB, but instead just the first 15 chars of the hash code. And, therefore, the de-hashing (if I can call it like that) was never successful. :)

This is a very foolish mistake, but very easy to stumble upon, in my opinion...

Upvotes: 1

Related Questions