Laravel 4 Auth::attempt() always returns false

9
votes

I'm trying the Laravel's Auth class but everytime i attempt to log in a user, the method returns false. Here's my code:

Routes.php

Route::get('new-user', function() {
    return View::make('register');
});

Route::post('new-user', function() {
    $name = Input::get('name');
    $email = Input::get('email');
    $password = Hash::make(Input::get('password'));

    $user = new User;
    $user->name = $name;
    $user->email = $email;
    $user->password = $password;

    $user->save();
});    

Route::get('login', function() {
        return View::make('login');
    });

    Route::post('login', function() {

        $user = array(
            'email' => Input::get('email'),
            'password' => Hash::make(Input::get('password'))
        );

        if (Auth::attempt($user)) {
            //return Redirect::intended('dashboard');
            return "ok.";
        } else {
            return "Wrong.";
        }

    });

views/login.blade.php

{{ Form::open(array('url' => 'login', 'method' => 'post')) }}

    <h1>Login:</h1>

    <p>
        {{ Form::label('email', 'Email: ') }}
        {{ Form::text('email') }}<br />

        {{ Form::label('password', 'Password: ') }}
        {{ Form::password('password') }}<br />
    </p>

    <p>
        {{ Form::submit('Login') }}
    </p>

{{ Form::close() }}

config/auth.php

return array(

    'driver' => 'eloquent',
    'model' => 'User',
    'table' => 'users',
    'reminder' => array(
        'email' => 'emails.auth.reminder', 'table' => 'password_reminders',
    ),

);

The database has the email & password fields, and the password field is varchar(60). Whenever i send the login info to /login it returns me "Wrong." I really can't see whats wrong here?

5
phpauthenticationlaravel

5 Answers

6
votes

Your code is bugging out because you are passing the wrong variables to Auth::attempt(). That method requires an array with keys username, password and optionally remember. In that light, your above code should be:

Route::post('login', function()
{
    $credentials = [
        'username' => Input::get('email'),
        'password' => Input::get('password')
    ];

    dd(Auth::attempt($credentials));
});

Hope that helps.

Also I'll give you snippets of extra code to improve your work flow. Route to store new user:

Route::post('register', function()
{
    $input = Input::only(['username', 'email', 'password']);

    // validate data

    Eloquent::unguard();

    $user = User::create($input);

    Auth::loginUsingId($user->id);

    return Redirect::to('dashboard');
});

Then in your user model add the method

public function setPasswordAttribute()
{
    $this->password = Hash::make($this->password);
}

This way the password will be automatically hashed every time it's set

4
votes

Don't hash the password before attempt:

    $user = array(
        'email' => Input::get('email'),
        'password' => Input::get('password')
    );

    if (Auth::attempt($user)) {
        //return Redirect::intended('dashboard');
        return "ok.";
    } else {
        return "Wrong.";
    }
1
votes

this will not work because auth::attempt converts password to hash using bcrypt, and looks for that hash in users table to match.

in short the password should be a hash stored in database table for auth::attempt to work.

that is why your if() condition failing.

you can use bcrypt(password) to store password as hash in database and then use auth::attempt

below is from laravel docs

https://laravel.com/docs/5.2/authentication#authenticating-users

The attempt method accepts an array of key / value pairs as its first argument. The values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column. If the user is found, the hashed password stored in the database will be compared with the hashed password value passed to the method via the array. If the two hashed passwords match an authenticated session will be started for the user.

The attempt method will return true if authentication was successful. Otherwise, false will be returned.

0
votes

You should implement UserInterface class provided by laravel within your model class:

use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableInterface;

class User extends Eloquent implements UserInterface, RemindableInterface
{

And remember that it has 2 abstract methods that you should declare at your model. You can follow original User.php model

0
votes

Check your password Length. It must be 60 or higher in database.