Auth ::尝试在Laravel 5中不起作用

Question

I've read dozens of similar posts, still cant't make it work. I always get the 'login failed' message. This is my users table

CREATE TABLE users (
id int(10) unsigned NOT NULL,
first_name varchar(255) COLLATE utf8_unicode_ci NOT NULL,
last_name varchar(255) COLLATE utf8_unicode_ci NOT NULL,
slug varchar(255) COLLATE utf8_unicode_ci NOT NULL,
email varchar(255) COLLATE utf8_unicode_ci NOT NULL,
password varchar(255) COLLATE utf8_unicode_ci NOT NULL,
remember_token varchar(100) COLLATE utf8_unicode_ci DEFAULT NULL,
created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
updated_at timestamp NOT NULL DEFAULT '0000-00-00 00:00:00'
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

See password field is 255, so large enough for hashing.

Here is my App\\Model\\User class

namespace App\Model;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    protected $fillable = ['name', 'email', 'password'];
    protected $hidden = ['password', 'remember_token'];
}

This is the login controller

namespace App\Http\Controllers\Backend;
use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;

class MainController extends Controller
{
    public function getLogin()
    {
        return view('backend.login');
    }

    public function postLogin(Request $request)
    {
        if (Auth::attempt([
            'email'    => $request->input('email'),
            'password' => $request->input('password')
        ])) {
            echo 'login successful'; exit();
        }
        else {
            echo 'login failed'; exit();
        }
    }
}

User records in db were inserted with their password set to

Crypt::encrypt('123456')

This gave me nearly 200 chaacters long hashed passwords stored in the db (is that normal?)

My config.app file says

'key' => env('APP_KEY'),
'cipher' => 'AES-256-CBC',

And finally here is my config.auth file

return [
    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'api' => [
            'driver' => 'token',
            'provider' => 'users',
        ],
    ],
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Model\User::class,
        ],
    ],
    'passwords' => [
        'users' => [
            'provider' => 'users',
            'email' => 'auth.emails.password',
            'table' => 'password_resets',
            'expire' => 60,
        ],
    ],
];

I tried to dump $request->input('email')/$request->input('password') from the form, and everything is as expected. I tried to dump the query log and the query seems to be right ('select * from users where email = ? limit 1, with correct email field binding).

What else can I check? Is there a way to "deeply inspect" Auth::attempt to check what's going wrong over there?

Any help would be appreciated.

Answer 1

The issue here is you are using Crypt::encrypt('123456') to set user password. Crypt is not used for this purpose as it requires Decrypt to work which is not implemented in Auth class

Simpy use Hash to hash password before you save to database

Example:

User::create([ 
    'password' => Hash::make('123456'),
    'username' => 'hitman'
]);

You can also do hashing in user model by adding this to User model class:

public function setPasswordAttribute($password)
{
    $salt = md5(str_random(64) . time());
    $this->attributes['password'] = \Hash::make($password);
    $this->attributes['salt'] = $salt;
}

And later you can simply do this:

User::create([ 
    'password' => '123456', //hashing will be done in model
    'username' => 'hitman'
]);

Answer 2

希望这对你有帮助

Hash::make($data['password'])