Credentials don't working in login form

what laravel version?

You have columns mobile_number and password in your users table?

Is your password hashed in the database?

Try it without the DD.

@snapey its version 7.

yes it is matched on the database and no hashing on passwords

I tried. it doesn't work

Hash::make($password); before attempting to login

Try this one

public function login(Request $request) {
    $request->validate([
        'mobile_number' => 'required',
        'password' => 'required'
    ]);

    $password = \Hash::make($request->password);

    $credentials = $request->only('mobile_number', $password);

    if (Auth::attempt($credentials)) {
        // Authentication passed...
        dd('gg');
    }else{
        dd('not working');
    }
}

or maybe this one

\Auth::attempt($credentials)

Auth::attempt is EXPECTING the password to be hashed in the database

You cannot use it unless you hash the password

@rafidahsan

No hashing on passwords? That will not work. Please hash your password.

Agreed do not store unsecure passwords.

Its easy to do without hashing the password, but I'm not going to tell you how.

Hash the password when creating the user - not when logging in (ie, not @sagar001 answer)

@snapey @sagar001 @jlrdw @laracoft Thank you so much to all of you..

I create password with hashings and use it on login form. It works . Thank you guys

@snapey @sagar001 @jlrdw @laracoft Thank you so much to all of you. I create password with hashings and use it on login form. It works . Thank you guys

but @sagar001 answer is not correct

from the documentation:

The attempt method accepts an array of key / value pairs as its first argument. The values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column. If the user is found, the hashed password stored in the database will be compared with the password value passed to the method via the array. You should not hash the password specified as the password value, since the framework will automatically hash the value before comparing it to the hashed password in the database. If the two hashed passwords match an authenticated session will be started for the user.

Note You should not hash the password specified as the password value ...

@sagar001 laravel is a very secure framework when authentication is implemented correctly.

A stored password is like:

y$SAlCSMzLpqFbKQ7Sj/5QkuiJT6LnLsW3QmMrBC14JsTf1S8kbEghS

You verify that the user password matches the hashed one.

Say the password is

jobob123456

Then enter jobob123456

Now you verify the hash of jobob123456 matches $2y$12$SAlCSMzLpqFbKQ7Sj/5QkuiJT6LnLsW3QmMrBC14JsTf1S8kbEghS

Just example.

You are doing it backwards, you don't store jobob123456.

Please see https://www.php.net/manual/en/function.password-hash.php

And https://www.php.net/manual/en/function.password-verify.php

The examples. If you store unhashed passwords, it's a security flaw.

@jlrdw @snapey if you use laravel default routes and controller to register and login than the password is automatically hashed but if you try to manually create your own system that register and login than the password doesn't hashed automatically.

@sagar

I think you are wrong, and the best reply is also wrongly assigned

I really like laravel, it's flexible and secure when security is properly implemented. But it just scares me the number of laravel apps out there where proper security wasn't implemented. Just my opinion.

Even if custom Auth, the php manual shows how to hash a password. I put the links already in an answer above.