leccles1

Auth::attempt fails and so does Hash::check($password, $hashed_password)

So I'm trying to use Laravel with an existing database. I've managed to hook it up so that the correct table and fields are used; however, I'm unable to get the authentication to return true.

Here is my entire controller, I know I'm handling the auth request within the main PagesController, this is only for the time being until I can actually get it to work. (I did try it initially in the provided LoginController).

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\facades\Auth;
use App\profile_booking_service;
use App\profile;
use Hash;

class PagesController extends Controller
{

    public function index() {
      $profile = profile::all();
      // foreach($profile as $profil) {
      // $profil->profile_mobile_password_hashed = Hash::make('profile_mobile_password');
      // $profil->save();
      // }
      return view('index', compact('profile'));
    }

    public function login() {
      return view('login.login');
    }

    public function authenticate(Request $request) {
      $username = request()->username;
      $password = request()->password;
      $credentials = array('profile_mobile_username' => $username , 'password' => $password);
      $attempt = Auth::attempt($credentials);
      $hashed_password = profile::where('profile_mobile_username', $username)->first()->profile_mobile_password_hashed;
      $check = Hash::check($password, $hashed);

      if (Auth::attempt($credentials)) {
        return view('index');
      }
        return dd($attempt);
    }
}

I can't use the auth provided by php artisan make:auth as my tables/fields with user data are completely different and found it harder to modify that to my needs than to just manually authenticate users.

The commented-out loop was used to initially obtain and store a hash of the current passwords stored in the DB that Laravel could use. It was only run once and will be removed soon.

When I print the $username, $password in the dd(); they are the correct plain text values, I even started printing the hashed password (Now removed) to manually check it against the database and it matched every time, however using

hash::check($password, $hashed_password)

returned false as well which I presume is what causes the Auth::attempt() to fail.

For the life of me though I cannot figure out why both functions return false. Any help would be much appreciated!

Jaytee

You can use the make:auth command. It doesn't change any values in your database table or your migrations.

But you have multiple errors in the code you've posted, so I don't know whether you've manually written it or copied it.

Here's your method:

public function authenticate(Request $request) {
      $username = request()->username;
      $password = request()->password;
      $credentials = array('profile_mobile_username' => $username , 'password' => $password);
      $attempt = Auth::attempt($credentials);
      $hashed_password = profile::where('profile_mobile_username', $username)->first()->profile_mobile_password_hashed;
      $check = Hash::check($password, $hashed);

      if (Auth::attempt($credentials)) {
        return view('index');
      }
        return dd($attempt);
    }

  1. Why are you attempting to authenticate the user twice?
  2. Where are you assigning the $hashed variable? I only see $hashed_password.
  3. Are you certain that the password value in the database is hashed? If it's a plain value, it's going to fail as the attempt method automatically hashes it behind the scenes to match the hashed value in the database.
  4. Try using use Auth instead of use Illuminate\Support\facades\Auth;

Providing you actually have a hashed value in the database, it should be as simple as:

if (Auth::attempt(['profile_mobile_username' => request('username'), 'password' => request('password')])) {
    // success
}

leccles1

@Jaytee Thank you for your reply and pointers, forgive the $hashed, $hashed_password mix up, my code is using the $hash variable, I changed it to $hashed_password only in this discussion so it was crystal clear what it was storing.

The attempting to authenticate twice was an error on my part, I should have deleted/commented it out a while ago, I was using that for running some tests.

Attempting to use

use Auth;

instead of

use Illuminate\Support\facades\Auth;

Yielded no luck unfortunately.

As for the hash stored, it does exist (I know it doesn't mean much posting it, but to show it is there)

$2y$10$yFjQ936hHtZFJP3YixnPXucw9reirNgKBvXLzpki02wz6PFi6NDdG

The field storing it is nvarchar(100), I'm using Microsoft SQL Server so I hope that is the correct field type, and I know it is the correct length based on the Laravel documentation.

-Update- I have included request() in my dd(); and it turns out I am getting a Laravel session cookie created, however the auth::attempt/hash::check still fails...

"laravel_session" => "6sQHDzMNdqDJMAd2mTi6vVw0v0NEYGCO3uYkqxY0"

jekinney

If the password in the old table is hashed, you're not supposed to be able to decrypt it. That's the point of hashing data.

So you'll have to reset passwords to a new hashed password that your current system/app can then hash and validate properly.

leccles1

@jekinney the password in the table wasn't hashed, but to be able to use the password with Laravel I hashed them using the Hash::make(); and stored them in a new field, until I know I can authenticate users correctly. Once I can, I'll remove the plain text password field as I know it's a big security risk.

In my model I am using the

public function getAuthPassword(){
      return $this->profile_mobile_password_hashed;
    }

method so that Auth:: looks at the correct field for the password and not the default 'password' field it would usually try to look at.

jekinney

Oh got yeah. I ran into that situation once. What I did was run a check like you did, but just a string check. No hash. If good hash the incoming password (insert).

leccles1

After about 6 hours I figured out the problem: my original password field was of the type char(100), which meant it was a fixed size, therefore any password entered would then get additional white space added at the end until it was 100 characters in length. Then the hash method ran on that 100 character password, making the hash based on something that wasn't the correct password.

Thanks for the input all
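
The padding problem described in the last post can be reproduced outside Laravel. The following is an added example, not code from the thread or from Laravel: it uses PHP's native password_hash/password_verify, which produce the same `$2y$` bcrypt format as the hash quoted above, and every function name and sample value in it is constructed for illustration.

```php
<?php
// Added example: reproduces the CHAR(n) padding problem with PHP's native
// bcrypt functions. All names and sample values below are constructed.

const LEGACY_COLUMN_WIDTH = 100; // char(100), as described in the thread

/** Simulate reading a fixed-width CHAR column: the value comes back space-padded. */
function readCharColumn(string $stored, int $width = LEGACY_COLUMN_WIDTH): string
{
    return str_pad($stored, $width, ' ');
}

/** Hash a legacy plain-text value, stripping the trailing padding first. */
function hashLegacyPassword(string $columnValue): string
{
    return password_hash(rtrim($columnValue, ' '), PASSWORD_BCRYPT);
}

/**
 * Explain why a login fails: 'ok' if the input verifies, 'padded' if the hash
 * was built from the space-padded column value, 'mismatch' otherwise.
 */
function diagnoseHash(string $input, string $hash, int $width = LEGACY_COLUMN_WIDTH): string
{
    if (password_verify($input, $hash)) {
        return 'ok';
    }
    // bcrypt only reads the first 72 bytes of its input, so the padded form
    // is compared on those bytes even though the column is wider.
    if (password_verify(str_pad($input, $width, ' '), $hash)) {
        return 'padded';
    }
    return 'mismatch';
}

$typed  = 'correct horse';                 // what the user types at login
$column = readCharColumn('correct horse'); // what a migration loop reads back

$badHash  = password_hash($column, PASSWORD_BCRYPT); // hash of the padded value
$goodHash = hashLegacyPassword($column);             // hash of the trimmed value

echo 'column length: ', strlen($column), PHP_EOL;
echo 'hash of padded value:  ', diagnoseHash($typed, $badHash), PHP_EOL;
echo 'hash of trimmed value: ', diagnoseHash($typed, $goodHash), PHP_EOL;
echo 'wrong password:        ', diagnoseHash('wrong', $goodHash), PHP_EOL;
```

Trimming cannot tell padding apart from trailing spaces a user really typed, since a fixed-width column stores both the same way.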
