Unable to authenticate a user in Laravel: 'invalid username or password'
Question
I have the username and password passed via a post request from my view to the controller. The controller responsible for handling the post request:
public function postLogin(Request $request) {
$this->validate($request, [
'username' => 'required',
'password' => 'required'
]);
if (!Auth::attempt([
'username' => $request['username'],
'password' => $request['password'] ])) {
return redirect()->back()->with(['fail' => 'invalid username or password']);
}
return redirect()->route('auth.dashboard');
}
The problem is I keep getting 'fail' message: 'invalid username or password'.
I looked at the table inside the phpmyadmin, and the username and password were pretty simple (username: Admin & password: 12345).
This is the database for the admins table :
class CreateAdminsTable extends Migration
{
public function up()
{
Schema::create('admins', function (Blueprint $table) {
$table->increments('id');
$table->timestamps();
$table->string('username')->unique();
$table->string('password');
$table->rememberToken();
});
}
public function down()
{
Schema::drop('admins');
}
}
For reference, I am using Laravel 5.2
update 1 : The users are created via the registration controller, which stores the username and password in the database. Here is the controller:
public function postRegister(Request $request) {
$admin = new Admin();
$this->validate($request, [
'username' => 'required|unique:admins|max:30|min:3',
'password' => 'required|min:5',
'password_confirm' => 'required'
]);
$password = $request['password'];
$passwordConfirm = $request['password_confirm'];
if ($password !== $passwordConfirm) {
return redirect()->back()->with(['fail' => 'password fields do not match!']);
}
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
$admin->username = $request['username'];
$admin->password = $hashedPassword;
$admin->save();
return redirect()->route('index')->with(['success' => 'Successfully created account!']);
}
4 answers
solution1
1 2016-03-09 06:27:16
your always getting false in Auth::attempt because the password in your database in not hash. Hash your password in your database first. You could use the seeder in order to seed in the database
class UserSeeder extends Seeder
{
public function run()
{
//your admin model
Admin::create([
'username' => 'admin',
'password' => Hash::make(123)
]);
}
}
hope this will help.
solution2
1 ACCPTED 2016-03-09 06:50:23
i prefer using Hash::make instead of password_hash. because there's an additional option in Hash::make that was passed to password_hash. Thats why the hashing didnt matched
solution3
0 2016-03-09 06:17:26
Please change login function with following code.
public function postLogin(Request $request) {
$this->validate($request, [
'username' => 'required',
'password' => 'required'
]);
if (Auth::attempt([
'username' => $request['username'],
'password' => $request['password'] ],$remember)) {
return redirect()->route('auth.dashboard');
}
return redirect()->back()->with(['fail' => 'invalid username or password']);
}
Note : Here $remember should be a 1/0 or TRUE/FALSE.
Hope this will help you.
solution4
0 2016-03-09 06:29:17
Laravel will expect hashed passwords. So if the password in phpmyadmin is visible, it won't work be able to be verified in Laravel. I would expect the password in phpmyadmin to look like this $2y$13$Cn0gwiUfg2mq5Y3/V98aB.NZ4GJqjbwhvKlsSAOYkVNHKlWRmwZ1W
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.