when we use laravel after enter email and password and when our email or password pr both of them are wrong, the laravel tell us just one message for all probably situations , i just want to separate the errors , e.g your password is wrong or your email not found or we cannot find this user etc.
i just customize the auth.php file in lang folder and set this :
'failed' => 'Login Failed!!',
i want to add more condition for my login errors
please help me to do this task
thanks for your helping :)
Not a good idea to do it separately in terms of protecting the privacy of the users, because the general error message doesn't categorically inform the potentially malicious person or bot that "You found the right email, now all you have to guess is the password".
The simple way is adding exists:users validation to the validateLogin method of AuthenticatesUsers trait by overriding it on Login Controller:
// app\Http\Controllers\Auth\LoginController.php
use Illuminate\Http\Request;
protected function validateLogin(Request $request)
{
$request->validate([
$this->username() => 'required|string|exists:users',
'password' => 'required|string',
]);
}
It will check if the entered username (by default email) exists on users table or not.
It not a good idea to separate both as it will let others know which section or input they entered wrong.
You can add on the message of login failed!!! but dont let the user know which part they entered wrongly.
Related
I am developing a Laravel 6.6.2 project and I came across this problem I can't seem to fix.
In the file login.blade.php view i'm trying to change name="email" in the input fields to name="login-email". But when I do this the login doesn't work anymore. So I think that Laravel uses the name email somewhere to validate the login. I can't find where Laravel looks for the name email instead of login-email and if this even is needed to change?
The reason I need to change this is because javascripts use the name value too. (Because I brought a template). I am still learning Laravel so don't be to harsh. Thanks in Advance.
Laravel has excellent documentation. This is always a good place to start.
# Authenticating
https://laravel.com/docs/6.x/authentication#included-authenticating
Username Customization
By default, Laravel uses the email field for authentication. If you would like to customize this, you may define a username method on your LoginController:
In your case, you would return login-email from the username method.
public function username()
{
return 'login-email';
}
Of course, you will also need to add or rename this field in the database if you haven't already.
Alternatively to renaming the field in the database, you could override the credentials method.
protected function credentials(Request $request)
{
return [
'email' => $request->{$this->username()},
'password' => $request->password,
];
}
I thought this would be an easy task and would be the default functionality ... I was wrong.
I am attempting to redirect the user to the dashboard once logged in, I have tried this several ways:
return redirect('/dashboard');
return redirect()->to('/dashboard');
return redirect()->route('dashboard');
All of these work to display the dashboard, but they do not change the URL, so you cannot tell the user location from the address. Could someone please tell me what is required to achieve this.
i had this problem & saw that my mistake was in the Route file.
i had twice a time [..., 'index'] action defined in the same controller
Route::post('/cart', [CheckoutController::class, 'index'])->name('checkout.cart');
Route::get('/checkout', [CheckoutController::class, 'index'])->name('checkout.index');
I have a website, which has a form. Within the form, I have a button linked to socialite where a user can click on it and it will retrieve the name and email from Facebook. Then, I redirect the user back to the form to either fill in the remaining information or submit the form.
However, all of the other information is lost upon return to the page.
I have tried to pass a 'Request $request' within the function. However, it never actually gets the information as the button isn't exactly submitting the form.
Is there any way of ensuring that the previous information is pushed through to the Route and that this information is then pushed back to the redirect?
Here is my code so far:
web.php
Route::get('login/{service}', 'Auth\LoginController#redirectToProvider')->name('social');
Route::get('login/{service}/callback', 'Auth\LoginController#handleProviderCallback');
LoginController.php
public function handleProviderCallback(Request $request, $service)
{
$user = Socialite::driver($service)->stateless()->user();
return redirect()->back()
->with(['social' => 'social', 'name' => $user->name, 'email' => $user->email])
->withInput($request->all);
}
(Note: within the view, I am, of course, using {{ old('input_name') }} to get the inputs whenever the form fails after submission.)
Is there any way to get the information from Socialite and return back to the form without losing the previous information?
All suggestions, help, and comments are highly appreciated :)
Thanks!!
The problem is when the user is redirected to social provider, say facebook, the form data will not in that request, so when facebook redirects to the callback you will not find the form data there! ( facebook will not carry it for you )
You likely need to use some javascript here. look at hellojs
I try to implement microservice arhitecture.Because I new in it,can maybe someone can tell me:
- can I use JWT for communication to services,when someone login into one service.Is that secure way or there is something better?
- how do I parse JWT and get user id or some other data from it to have it in other service which didn't have users table?Like is it expiried,user id...
Thank you a loot if someone can help me to send me a direction for it.
I'm partial to the tymon/jwt-auth package for this, which largely uses 'namshi/jose' under the hood. As long as the jwt.secret is the same between each system that may need to use the tokens, you should be able to just call JWTAuth::getPayload($token)->toArray() to decode them.
You do need a user table, but it doesn't have to be the user table already speced out in Laravel. Any Model that implements the Illuminate\Auth\Authenticatable interface, such as by extending the Illuminate\Foundation\Auth\User model will do.
If you want to inject additional data into the token beyond the user table that the login credentials are being validated against, just add an array as the second parameter to the login attempt:
//The key names here are defined by the return values of methods described in the Authenticatable interface.
$credentials = [
'username' => 'your_user',
'password' => 'your_password'
];
$customClaims = [
'someOtherDatapoint' => 'more_data'
];
$token = JWTAuth::attempt($credentials, $customClaims);
You could also go directly to the token-creation without authentication:
$user = app(YourUserModel::class)->first($id);
$token = JWTAuth::fromUser($user, $customClaims);
This is relatively secure, but I'm not sure if it's the best way to communicate encrypted data. You might want to just use the encrypt() and decrypt() helper functions, that are based off the APP_KEY. You could also look at Laravel-Passport, https://laravel.com/docs/5.6/passport, for authentication, which uses OAuth2.
I use Laravel 5.4 and need to login user in my system. I have next login.blade.php
where i have email and password field. In my controller I have next
protected function log() {
$email=Input::get('email');
$pass=Input::get('password');
$user = DB::select("SELECT * FROM users where email = '".$email."' and password = '".$pass."'");
foreach($user as $users){
if(Input::get('email') == $users->email){
return redirect('/');
}else{
return view('site.warning');
}
}
}
How can I return logged user in my redirect('/') and show them in my site.
Any idea?
Use the attempt() method:
if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
From the docs:
The attempt method accepts an array of key / value pairs as its first argument. The values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column. If the user is found, the hashed password stored in the database will be compared with the password value passed to the method via the array.
This method will work for you if you're using bcrypt() or Hash::make() to generate password hash.
Please do not create your own login system!
Now that's out of the way the explanation.
There is (almost) no good reason to create your own login system, as your code already showed. Your current code is very VERY insecure due to storing passwords in plain text. Please read up on resent security advice.
The even better option is using Laravels build-in auth.
https://laravel.com/docs/5.4/authentication
If you do try to use this build-in authentication methods you will be able to get the current authenticated user by using Auth::user() this can be used in your blade files as well as in your controllers.
You cannot (maybe you can) but you certainly should't store user's password unhashed. Laravel has build artisan command: php artisan make:auth. You may use it, and retrieve him in the show method for example (thro the URL, passing id). Or just retrieve him via Auth::user(). Planty of choices.