Luqman

Reputation: 249

Using custom authentication on Laravel 6

I would like to manually authenticate the users in my company. The issue is that I have 2 tables, called Student and Staff, in the Oracle database.

As for the Student table, I get the idea of overriding the built-in Auth method provided through the auth scaffolding command, as the username and password are stored right in the table.

As for the Staff table, the password is stored in a different column/table and encrypted using a stored procedure/package, so the only way to get the user validation is by calling the package, which returns only 0 or 1.

What I have done:

I wrote my own Routes, and added my own functions in LoginController.

```php
public function loginStaff(Request $req){
    $username = Str::upper($req->input('username'));
    $password = $req->input('password');

    $users = PortalUser::where('ID', $username)->firstOrFail();

    if ($users->user_type == 'STAFF'){

        $queryResult = DB::select('select PACKAGE.validStaff(?,?) from dual',[$username, $password]);

        if($queryResult == 1){

            //this is where I would like to auth the user.
            //using Auth::Attempt and Auth::Login will only run the default query
        }

    }
}
```

I have successfully returned value of 1 and 0 in the controller.

So is there anything that I am missing? Or should I manually set the session by myself using the session() method?

Thank you.

Upvotes: 0

Views: 1063

Answers (2)

iftikharyk

Reputation: 959

Laravel provides Custom Session Drivers, which you can use to create or delete your sessions:

```php
<?php

namespace App\Extensions;

class MongoSessionHandler implements \SessionHandlerInterface
{
    public function open($savePath, $sessionName) {}
    public function close() {}
    public function read($sessionId) {}
    public function write($sessionId, $data) {}
    public function destroy($sessionId) {}
    public function gc($lifetime) {}
}
```

Hope it helps, if not then comment down below. Will help you out.

###### Update #######

I think then you do have to make custom HTTP sessions from Laravel

Step 1: Create another table in your database for session, like this;

```php
Schema::create('sessions', function ($table) {
    $table->string('id')->unique();
    $table->unsignedInteger('user_id')->nullable();
    $table->string('ip_address', 45)->nullable();
    $table->text('user_agent')->nullable();
    $table->text('payload');
    $table->integer('last_activity');
});
```

Step 2: Store data in the session, you will typically use the put method or the session helper;

```php
// Via a request instance...
$request->session()->put('key', 'value');

// Via the global helper...
session(['key' => 'value']);
```

Step 3: Get the key for specific user when your function returns 1

```php
$value = $request->session()->get('key', function () {
    return 'default';
});
```

Step 4: Delete the session. After some time you need to delete the session for security reasons; then you can do:

```php
$value = $request->session()->pull('key', 'default');
```

Upvotes: 1

user8555937

Reputation: 2387

If you want to manually authenticate users, you can easily use sessions. Have the following code as reference:

```php
//this is where I would like to auth the user.
//using Auth::Attempt and Auth::Login will only run the default query

// typically you store it using the user ID, but you can modify the session using other values.
session()->put('user_id', $userId); // $userId: the user ID from the database
```

And if you want to check whether user is authenticated, modify RedirectIfAuthenticated middleware to this:

```php
<?php

namespace App\Http\Middleware;

use App\Providers\RouteServiceProvider;
use Closure;
use Illuminate\Support\Facades\Auth;

class RedirectIfAuthenticated
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        // The custom login stored 'user_id' in the session, so its presence means "logged in".
        if (session()->has('user_id')) {
            return redirect('/custom-path'); // placeholder: put your custom path here
        }

        return $next($request);
    }
}
```

When you want to log out the user, simply destroy the session key:

```php
session()->forget('user_id');
```

**Note:** many broadcasting packages and addons use Laravel's authentication system (Guards), and you may need to hook into their code if you want to use them with your custom auth system.

Upvotes: 1
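
An added example, not part of the question or either answer: one way to finish `loginStaff` through Laravel's own guard, so middleware and packages that rely on `Auth` keep working. `Auth::login($user)` takes an already-verified user object and does not check a password itself. Assumptions: `PortalUser` lives in `App\`, extends `Illuminate\Foundation\Auth\User` and is the model of the guard's provider in `config/auth.php`; `/home` is a placeholder path.

```php
<?php
// Added example, not code from the question or the answers.
namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\PortalUser; // assumed location; must be the model of the guard's provider
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;

class LoginController extends Controller
{
    public function loginStaff(Request $req)
    {
        $req->validate(['username' => 'required|string', 'password' => 'required|string']);
        $username = Str::upper($req->input('username'));

        // first() rather than firstOrFail(): an unknown ID must produce the same
        // response as a wrong password, not a 404 that reveals which IDs exist.
        $user = PortalUser::where('ID', $username)->first();

        if ($user && $user->user_type === 'STAFF'
            && $this->staffPasswordIsValid($username, $req->input('password'))) {
            Auth::login($user);            // stores the user's identifier in the session
            $req->session()->regenerate(); // new session ID after login (session fixation defence)
            return redirect()->intended('/home'); // '/home' is a placeholder path
        }

        throw ValidationException::withMessages(['username' => [trans('auth.failed')]]);
    }

    // Calls the Oracle package from the question, which returns 0 or 1.
    private function staffPasswordIsValid(string $username, string $password): bool
    {
        $row = DB::selectOne('select PACKAGE.validStaff(?,?) from dual', [$username, $password]);

        // Read the single column by position so the driver's column naming does not matter.
        return $row !== null && (int) current((array) $row) === 1;
    }
}
```

Logging out is then `Auth::logout()` followed by `$req->session()->invalidate()`, and the stock `auth` middleware protects routes without a custom session key.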
