
cshelswell's avatar

Custom Login Checking Against 2 Passwords

Hi, I'm trying to make a login that uses 2 passwords (at the request of my customer). Basically they want a single username but if a user logs in with an admin password I can set their user level accordingly or just a normal password and I set the user level lower.

I was hoping I could do this:

public function login()
{
    $input = $this->request->input();

        //Check if logging in as admin first
        if(Auth::attempt(['username' => $input['username'], 'admin_password' => $input['password']]))
        {
            dd('Admin');
        }
        elseif(Auth::attempt(['username' => $input['username'], 'password' => $input['password']]))
        {
            dd('Normal User');
        }
        else
        {
            dd('login password or username failed');
        }
}

However it keeps failing on "login password or username failed". I know the password is correct. So I can only assume this is not the correct method to do this.

It's probably a simple solution but I'm not sure of it.

Thanks for any help.

bwrice's avatar

Are your passwords being hashed in the database? If so, it looks like you're comparing the plain text to the hash.

Try adding the bcrypt() function to the $input values:

public function login()
{
    $input = $this->request->input();

    // Check if logging in as admin first
    if(Auth::attempt(['username' => $input['username'], 'admin_password' => bcrypt($input['password'])]))
    {
        dd('Admin');
    }
    elseif(Auth::attempt(['username' => $input['username'], 'password' => bcrypt($input['password'])]))
    {
        dd('Normal User');
    }
    else
    {
        dd('login password or username failed');
    }
}
cshelswell's avatar

@bwrice Yep hashing is being done via Laravel's Hash::make() function.

Unfortunately adding bcrypt() yields the same result.

The documentation on Authentication doesn't mention anything about having to use bcrypt, hence not having used it.

Thanks for the help
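
An added example (not part of any post in this thread): plain PHP showing why re-hashing the submitted password with bcrypt cannot match a stored hash, and how one submitted password can be verified against both the `password` and `admin_password` columns from the question. The function name `resolveUserLevel` and the sample user row are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. resolveUserLevel() and the sample
// row are hypothetical; only the two column names come from the question.

// Constructed sample row: both columns hold bcrypt hashes, which is what
// Laravel's Hash::make() produces by default.
$user = [
    'username'       => 'shared-account',
    'password'       => password_hash('normal-secret', PASSWORD_BCRYPT),
    'admin_password' => password_hash('admin-secret', PASSWORD_BCRYPT),
];

// Every bcrypt call uses a fresh random salt, so hashing the same input
// twice gives two different strings. Comparing a new hash of the input
// with the stored hash therefore never matches; the stored hash has to be
// verified against the plain-text input instead.
$first  = password_hash('admin-secret', PASSWORD_BCRYPT);
$second = password_hash('admin-secret', PASSWORD_BCRYPT);
var_dump($first === $second);
var_dump(password_verify('admin-secret', $first));

/**
 * Return 'admin', 'normal' or null for a submitted plain-text password.
 * Both hashes are always verified so the work done does not depend on
 * which of the two passwords (if any) matched.
 */
function resolveUserLevel(array $user, string $plain): ?string
{
    $isAdmin  = password_verify($plain, $user['admin_password']);
    $isNormal = password_verify($plain, $user['password']);

    if ($isAdmin) {
        return 'admin';
    }

    return $isNormal ? 'normal' : null;
}

var_dump(resolveUserLevel($user, 'admin-secret'));
var_dump(resolveUserLevel($user, 'normal-secret'));
var_dump(resolveUserLevel($user, 'wrong'));
```

In a Laravel controller, `Hash::check($plain, $hash)` performs the same verification, and the user can then be logged in with `Auth::login($user)` once the level is known.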

cshelswell's avatar

@Corys8646

Just got an email with your help - thanks. I'll give it a go. Strange thing is I can't see it in this thread :)

For reference for anyone else having the same issue:

@Corys8646 wrote:

I have a similar setup in an app where we are migrating users over from an old code igniter database.

In my login controller, I am overriding the attemptLogin method with the following.

protected function attemptLogin(Request $request)
{
    // Try to authenticate through the guard (only once, so the login
    // is not performed twice on success)
    if ($this->guard()->attempt(
        $this->credentials($request), $request->has('remember'))) {
        return true;
    }

    // If the user got here it means the AUTH was unsuccessful
    // Try to log them in using the old MD5 CI password
    if ($user = User::whereEmail($request->email)->wherePwd(md5($request->password))->first()) {
        // Re-hash with bcrypt so the next login goes through the guard
        $user->password = bcrypt($request->password);
        $user->save();
        return $this->guard()->attempt(
            $this->credentials($request), $request->has('remember'));
    }

    // Neither the bcrypt nor the legacy MD5 check matched
    return false;
}
bwrice's avatar

It's probably not a good practice to store your admin and user passwords in separate columns. Why not just have another column named 'admin' that's a boolean type? Then you can simply add another test to the Auth::attempt array.

if(Auth::attempt([
    'username' => $input['username'],
    'password' => $input['password'],
    'admin' => 1
]))
{
    dd('Admin');
}

Or better yet, have a user_role_id column that references another table where you can store a new row for each type of UserRole. This will allow you to easily add something like a subscriber role in the future.

cshelswell's avatar

@bwrice - Yeah I've been trying to avoid having two password columns but I also didn't want to repeat usernames. I think to do your method I'd need a row with the username and normal password then a row with the same username and admin password.

I'd prefer two different users altogether, or even simpler, a checkbox if you want to log in as admin. But that's not what they want, unfortunately.

bwrice's avatar

I'm still not understanding why you need a separate column for admin usernames vs. normal usernames and the same for admin passwords vs. normal passwords. Save both admins and normal users to the same column for username/password and add another column that defines their role.

cshelswell's avatar

@bwrice

I think we're meaning the same thing? There'd be 2 rows for one username. Just one would have an admin password and one a normal password?

Basically all I need to do is set the userlevel based on which password they've used.

The easiest possible way :)

bwrice's avatar

Why do you want a separate password column for an admin vs. a normal user? Have them both use the same 'password' column. Add another column that defines their role (admin or normal user).

//Users table

|   id  |   name        |   password    |   admin   |
------------------------------------------------------------------------------
|   1   |   ImNormal    |   k1$i3JMYjwe |   FALSE   |
|   2   |   AnotherNorm |   MTp3gHvuv8  |   FALSE   |
|   3   |   ImAdmin     |   $AdLnLjQl2j |   TRUE    |

Or you can make a 'user_role_id' column instead of 'admin' that references a UserRoles table:

//Users table

|   id  |   name        |   password    |   user_role_id    |
------------------------------------------------------------------------------
|   1   |   ImNormal    |   k1$i3JMYjwe |   1   |
|   2   |   AnotherNorm |   MTp3gHvuv8  |   1   |
|   3   |   ImAdmin     |   $AdLnLjQl2j |   2   |


//UserRoles table

|   id  |   role        |
------------------------------
|   1   |   Normal      |
|   2   |   Admin       |
|   3   |   Subscriber  |  //ability to add this functionality later

Then your Auth::attempt() would look like this:

public function login()
{
    $input = $this->request->input();

    // Check if logging in as admin first (user_role_id 2 = Admin)
    if(Auth::attempt([
        'username' => $input['username'],
        'password' => $input['password'],
        'user_role_id' => 2
    ]))
    {
        dd('Admin');
    }
    // Otherwise try as a normal user (user_role_id 1 = Normal)
    elseif(Auth::attempt([
        'username' => $input['username'],
        'password' => $input['password'],
        'user_role_id' => 1
    ]))
    {
        dd('Normal User');
    }
    else
    {
        dd('login password or username failed');
    }
}
