I've been trying to simply change a password, and then authenticate it, and Auth::attempt has been returning false:
$email = "test6#mycompany.com";
$pass = md5("123");
$credentials= [ 'email' => $email,
'password' => $pass];
$user = User::where("email" , $email)->first();
$user->password = $pass;
$user->save();
dd(Auth::attempt($credentials));
I also have this part in the user model...
public function setPasswordAttribute($pass){
$this->attributes['password'] = Hash::make($pass);
}
Does anyone have any ideas what could I be doing wrong?
This always happen, just as I post the question, I have an epiphany...
my password field was too short to contain the password so it always saved only part of the hashed string.
Related
i have tried to change password in laravel 5.4 it changed successfully but after that when i am trying to login again with new password it throws an error credential do not match.
here is my code-
public function UpdatePassword(Request $request)
{
$this->validate($request, [
'old_password' => 'required',
'password' => 'required|string|min:6|confirmed',
]);
$old_password = $request->old_password;
if (Hash::check($old_password, Auth::user()->password)) {
# code...
Auth::user()->update(['password'=>bcrypt($request->new_password)]);
return back()->with('message','password chnaged successfully.');
} else {
# code...
return back()->with('message_error','Please Enter Correct Old Password.');
}
}
please let me know whats wrong with code?
You've used confirmed in the password validation. You will need to pass in password or password_confirmation into the update function, not new_password
Auth::user()->update(['password'=>bcrypt($request->password_confirmation)]);
'bcrypt' the new password and then update it.
$password = bcrypt(Input::get('password'));
$user = User::where('email', $request->email)->first();
if ($user) {
$user->password = $password;
$user->save();
}
Hope this will helpful for you.
I'm struggling myself trying to find the reason but can't. It always falss to "else". I'm using sqliteand this is my code:
public function doLogin(Request $request)
{
$email = $request['email'];
$password = $request['password'];
if ( Auth::attempt(['email' => $email, 'password' => $password]) )
return redirect()->route('home');
return redirect()->back();
}
route
Route::post('/doLogin',['as' => 'doLogin', 'uses' => 'Auth\LoginController#doLogin']);
Already printed the variables, the values are exatcly the same as the database.
Possible cause of the problem ?
Testing the Variable Receiving Value (Prints the right values)
$usuario = \App\User::find(1)->pluck('email', 'password');
return ($usuario);
Printed Value:
{"teste123":"teste#teste.com"}
Also, If I try this:
public function doLogin(Request $request)
{
$email = $request->input('email');
$password = $request->input('password');
dd($request->all());
}
I get this:
array:4 [▼
"_token" => "xxxxxxxxxxxxxxxxxxxxxxxxxxx"
"email" => "teste#teste.com"
"password" => "teste123"
"action" => null
]
Is it normal action = null ?
It looks like you're storing your passwords in your database as plaintext, and that seems to be the issue. You should never do this, as if you have a security leak, then the infiltrator could easily have access to all of your users' passwords.
That also seems to be the issue as to why your Auth::attempt is failing. Auth::attempt goes into SessionGuard.php, which eventually calls validateCredentials from EloquentUserProvider.php. This function hashes the password it is given and checks that against what is in the database. Laravel is expecting your password in the database to be hashed (by default it is bcrypt), so the passwords are not matching. It hashes the plaintext password from the $request so it no longer matches the plaintext in your DB.
Laravel comes with the command php artisan make:auth. If you use this, then you shouldn't have to do your doLogin function. You can just send the logins along the default route. Then when you're testing, sign up your account through the registration to ensure that it's saved in your database in a hash, instead of plaintext.
I'm practicing manual authentication in Laravel for learning purposes, following along laracasts.com and reading the manual user authentication related documentation here - https://laravel.com/docs/5.4/authentication#authenticating-users
My login controller code is as follows:
public function loginSubmit() {
$email = request('email');
$password = request('password');
if (Auth::attempt(['email' => $email, 'password' => $password])) {
return 'logged in';
} else {
return 'not logged in';
}
Albeit the password not being hashed, I am using the Auth::attempt with the correct email and password information but am not able to return 'logged in'. How can I get the login to work with Auth::attempt ?
You need to hash the password
use Illuminate\Support\Facades\Hash;
$password = Hash::make($request->password);
I want to use FirstOrCreate for a new user.
Like that:
$user = User::FirstOrCreate([
'name' => $request->username,
'email' => $request->email,
'password' => User::generatePassword()
]);
generatePassword() just generate a random 8 chars string string.
Thing is is doesn't work because it's looking for a user that has this password value.
So, it works when there is no user with this email, but when there is it gives me a constraint error.
What should be the cleanest way to fix it???
You've made a grammatical error. ::firstOrCreate searches based on criteria provided, and if it's not found, it will create the database entry and return the model with that data. ::firstOrNew does that without saving the model automatically.
So, you would want this.
$user = User::firstOrNew([
'email' => $request->email,
]);
We do not include name or password because we are not checking to see if Josh with josh#stackoverflow.com using password foobar123 exists, we just want to know if josh#stackoverflow.com has an account.
Your controller logic seems a bit weird because we would first want to validate that information before creating a model, but I'll roll with it.
$user = User::firstOrNew([
'email' => $request->email,
]);
// This model does not have a DB record.
if (!$user->exists)
{
$user->name = $request->username;
$user->password = User::generatePassword();
$user->save();
}
return $user;
With that logic, we find a record based on email. If the record exists, we pass it. If it does not, we assign it a username and generate a password for it before creating the record and then pass it.
I made a small API with the php lumen framework.
Now I'm integrating a jwt authentication (following this tuto http://laravelista.com/json-web-token-authentication-for-lumen/) for my application but as I attempt to login, it always returns false...
It doesn't seem to be a problem with jwt directly because the token generation works but only the login doesn't work. As I saw, jwt use the Lumen Auth:: to login, so to be sure I tried to login with Auth::attempt() directly instead of JWTAuth::attempt, but the result is false too...
Here is my code:
try
{
$validation = $this->validate($request, [
'email' => 'required|email',
'password' => 'required'
]);
$credentials = $request->only('email', 'password');
$isAuthenticated = Auth::attempt($credentials) || JWTAuth::attempt($credentials);
$user = User::first();
$token = JWTAuth::fromUser($user);
$result = [
'isAuthenticated' => $isAuthenticated,
'token' => $token
];
// ... catch exceptions + return $result or errors from exceptions
I made some search to correct the common mistakes with this kind of problems, and I already checked that:
I have a table named users
in which I have a password column and an email column (full lowercase names)
db password column is varchar(140)
and tried to create and login a user like this:
$user = new User;
$user->email = 'example#domain.com';
$user->password = Hash::make('passwordExample');
$user->save();
//And login with it:
$userData = array(
'email' => 'example#domain.com',
'password' => 'passwordExample');
return (string) Auth::attempt($userData));
my auth config contains :
'driver' => env('AUTH_DRIVER', 'eloquent'),
'model' => env('AUTH_MODEL', 'App\Models\User'),
'table' => env('AUTH_TABLE', 'users'),
my App\Models\User model implements Illuminate\Contracts\Auth\Authenticatable and use Illuminate\Auth\Authenticatable
But no changes... I always get a 'false' !
What can be the problem?
Here are the framework version I use (from composer.json)
"laravel/lumen-framework": "5.1.*",
"vlucas/phpdotenv": "~1.0",
"doctrine/dbal": "~2.3",
"illuminate/mail": "^5.1",
"tymon/jwt-auth": "^0.5.6",
"basicit/lumen-vendor-publish": "^1.0",
"illuminate/support": "5.1.25",
"illuminate/routing": "5.1.25"
Note : I also notice that for the same password hashed twice, the result is not the same. As I read, it's normal and the Auth knows how to check the hashed stored password. But I don't get it... How does he check the password if the hashed result is never the same? It stores a salt for each hash?
Well... Took me a while but I figured out how to login properly...
If I set the password without hashing it :
$user = User::select('id', 'email')
->where('email', $email)
->first();
$user->password = $newPassword;
$user->save();
and I look in the db what was inserted, the password is stored encrypted...
Then if I try to login with :
$this->validate($request, [
'email' => 'required|email|max:255',
'password' => 'required'
]);
$credentials = $request->only('email', 'password');
if ( $token = JWTAuth::attempt($credentials) )
...
it works properly.
So my problem was that I hashed twice the password before inserting it.
But I don't really understand why it's automatically hashed because as I saw in the doc, I have to do it explicitely. So if anyone can give me the reason, I would be very intersted to know it.
Anyway, I should have used Hash::needsRehash($hashed) directly...