Laravel 5 Auth::attempt 总是返回 false

Question

I tried to write an login system but Auth::attempt always return false to me, my code:

route:

    Route::get('/login', function () {
    return view('login');
});

    Route::post('/loginProcess', 'LoginController@login');

LoginController:

namespace App\Http\Controllers;

use Request;
use Auth;
use App\Http\Requests;
use Hash;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Redirect;
class LoginController extends Controller
{
 public function login(){
        $uname = Request::get('username');
        $password = Request::get('password');
            if (Auth::attempt(array('username' => $uname, 'password' => $password))){
                return "success";
            }
            else {        
                return "Wrong Credentials";
            }
        }

}
?>

User model:

<?php
namespace App;

use Illuminate\Auth\Authenticatable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;

class User extends Model implements AuthenticatableContract, CanResetPasswordContract { 
    use Authenticatable, CanResetPassword;
    protected $table = 'user';
    public $timestamps = false;
    protected $fillable = ['username', 'password'];
}

?>

Login view:

@extends('main')

@section('content')
    {!! Form::open(['url' => '/loginProcess']) !!}
        <div class="form-group">
            {!! Form::label('username', 'Username:') !!}
            {!! Form::text('username', null, ['class' => 'form-control']) !!}
        </div>

        <div class="form-group">
            {!! Form::label('password', 'Password:') !!}
            {!! Form::password('password', null, ['class' => 'form-control']) !!}
        </div>

         @if ($errors->any())
             @foreach($errors->all() as $error)
            <div class="alert alert-danger">
                    <p>{{ $error }}</p>
            </div>
            @endforeach
        @endif

        <div class="form-group">
            {!! Form::submit('Login', ['class' => 'btn btn-primary form-control']) !!}
        </div>
    {!! Form::close() !!}
@stop

DB records Table structure

I am developing this on cloud9 IDE, and searched/goggle many posts, still can't find out the problem, is it the problem of password hash or sth? Btw, I checked that the form input can be received.

Answer 1

public function setPasswordAttribute($value) {
    $this->attributes['password'] = bcrypt($value);
}

add above mutator to your user model to hash password when you are saving user records. Auth::attempt() requires hashed passwords

Answer 2

You can try this way..

When you registering user use bcrypt to encrypt your password before seving them to database

$password = bcrypt($input['password']);
            // OR
$psssword = bcrypt(Request::get('password'));

And because you are using username in place of default email

Your LoginController..

namespace App\Http\Controllers;

use Request;
use Auth;
use App\Http\Requests;
use Hash;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Redirect;
class LoginController extends Controller
{

 use AuthenticatesAndRegistersUsers;

 public function loginUsername()
 {
     return 'username';
 }

 public function login(){
        $uname = Request::get('username');
        $password = Request::get('password');
            if (Auth::attempt(array('username' => $uname, 'password' => $password))){
                return "success";
            }
            else {        
                return "Wrong Credentials";
            }
        }
}

Hope this will work.

Answer 3

I looked at your DB records and found that you are not hashing your password while saving. Auth::attempt() are checking against hashed password while your saved passwords are in plain text.

Answer 4

Rename Your Password Field
try to debug the $query in \Illuminate\Auth\DatabaseUserProvider\ 



public function retrieveByCredentials(array $credentials)
{
    // First we will add each credential element to the query as a where clause.
    // Then we can execute the query and, if we found a user, return it in a
    // generic "user" object that will be utilized by the Guard instances.
    $query = $this->conn->table($this->table);

    foreach ($credentials as $key => $value)
    {
        if ( ! str_contains($key, 'password'))
        {
            dd($query->where($key, $value));

        }
    }

    // Now we are ready to execute the query to see if we have an user matching
    // the given credentials. If not, we will just return nulls and indicate
    // that there are no matching users for these given credential arrays.
    $user = $query->first();

    return $this->getGenericUser($user);
}