Level 41
You don't pass the hashed password. You pass in the plain-text password, and then Laravel will check the plain text password with the hashed password stored in the database.
1 like
Mar 3, 2016
9
Level 6
Auth::attempt Why? Email or Password
Is there a way to find out why Auth::attempt returned false? Wrong email address? Wrong password?
$email = $request->input('email');
$password = $request->input('password');
$attempt = Auth::attempt(['email' => $email, 'password' => $password]);
if(! $attempt)
{
// Why did $attempt fail? Email or password?
return dd($attempt); // false
}
return dd($attempt); // true
My goal is to find out when the Auth::attempt returns false, why? I am not trying to find out how to fix the code.
What was the reason? Could not find user with that email address or the password was incorrect.
Right now I can only get true/false responses. I am looking for the reason why.
** Updated errors in code.
Level 122
I'm not sure if you can tell, but just in case you were thinking it, it's bad security to reveal what part is wrong.
1 like
Level 39
Let's clean it up at bit:
public function login(Request $request)
{
$this->validate($request, [
'username' => 'required',
// If you are logging in the user via email, change the username to email
'password' => 'required'
]);
if (! Auth::attempt(['username' => $request->username, 'password' => $request->password], $remember)) {
// Invalid credentials
}
// Else, the user has been logged in. Do as you wish.
}
/**
* To login with Email: replace all 'username' fields
* $remember is optional, if you'd like to remember a user, add this.
Laravel accepts the plain password and then hashes it and attempts to match it via the Database.
Be sure to add the 'web' middleware to your routes:
Route::group(['middleware' => 'web'], function() {
Route::get('login', 'AuthController@login');
});
Of course, I know you're not trying to fix it, but there's an example.
Pass only the plain values (Email, Password OR Username, Password etc) to the attempt() method. Laravel will do the work behind the scenes for you.
Level 6
@Snapey Thanks for the heads-up. I do not intend on telling the end-user the reason why Auth::attempt() failed.
I am simply looking for the reason why an Auth::attempt() returns false. Is there a method to show me?
Form works fine. Validation works. Login works. No code issues.
if(! Auth::attempt(['email' => $request->input('email'), 'password' => $request->input('password')]))
{
if(User cannot be found using email)
{
Do Something
}
if(Password does not match)
{
Do Something
}
}
Level 122
I guess Guard is just doing SELECT from users where username=x and password=y
If no results are found then the user is not authenticated
After Auth attempt fails you could check the user table for the provided name and if it exists then the password must have been wrong.
Level 6
@Snapey Thanks for the help.
Level 1
I had this issue in https://laracasts.com/series/laravel-from-scratch-2017 course. And fixed it by adding
public function setPasswordAttribute($value)
{
if( \Hash::needsRehash($value) ) {
$value = \Hash::make($value);
}
$this->attributes['password'] = $value;
}
in User.php (User Model)
The issue is password was not begin hashed. May be there is a nice way.
Level 1
When hashing the password, make sure you import the Hash class. That could be the reason for the error.
Level 2
For me in Laravel 9 Web login was working but API with same credentials not working.
I changed public function login(Request $request) with public function login(LoginRequest $request). and solved.
Please or to participate in this conversation.