Level 80
@digitalwing And what happens when two students have the same date of birth…?
1 like
Jul 25, 2022
23
Level 1
Laravel login using date of birth instead of password
I am using Laravel 9x I have built a student service application
I want to allow users to login using their Register number and Date of Birth instead of email and password. Such users are treated as guest users and will have limited previlages. I have added a guest_user guard in congig/auth.php
'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'guest_user' => [ 'driver' => 'session', 'provider' => 'guest_users', ], ],
In LoginController I wrote
function guestLogin(Request $request) { $this->validate($request, [ 'regno' => 'required|max:10', 'dob' => 'required|date' ]);
$regno=strtoupper($request->input('regno'));
$dob=$request->input('dob');
if (Auth::guard('guest_user')->attempt(['regno' => $regno, 'password' => $dob], $request->get('remember')))
{
return redirect()->intended('/guestlogin');
}
return back()->withInput($request->only('regno', 'remember'));
}
In the model Student(Which is the provider for guest_user) I have added
namespace App\Models;
use Illuminate\Database\Eloquent\Model; use Illuminate\Foundation\Auth\User as Authenticatable;
class student extends Authenticatable { protected $connection='my_connection'; protected $table = 'student;
public function getAuthPassword()
{
return $this->dob;
}
}
Still when I try to login in returns to the same page with Register Number i.e. return back()->withInput($request->only('regno', 'remember')); in LoginController Might be it is doing an encryption on the dob entered (A wild guess!!) before comparing with that id table.
How can I use dob instead of password to login?
Level 102
Sorry, another user was already born on that date. Please be reborn and try again
4 likes
Level 1
@martinbean But the Register number will be different. Actually it is unique.
Date of Birth is for verification of the student.
Level 80
@digitalwing You never mentioned anything about a registration number. You just went straight into, “I want to log in using student’s date of birth.”
I don’t think this is very secure. I knew all my friends’ birthdays at school, and many of their examination numbers. With your system, I could have logged in as any number of people.
Level 1
@martinbean I am not concerned about the security here. Is there any possibility?
Please help
Level 80
I am not concerned about the security here
@digitalwing That’s not the attitude you should have when building authentication systems…
Level 1
@martinbean Sir, As i have already mentioned, students who will login using dob will have only limited access like download few documents view notifications timetable etc, but only those specific to the student. All other features which require proper authentication will require logging in using email and password.
Please help if, if there are any possibilities. If it is impossible please mention that.
Level 2
@martinbean register number will be different
Level 30
One way to accomplish this is by logging in the student yourself.
<?php
$student = Student::query()
->where('regno', '=', $request->input('regno'))
->where('dob', '=', $request->input('dob'))
->first();
if ($student === null) {
// incorrect credentials
}
Auth::guard('guest_user')->login($student);
But I agree with @martinbean that you should be careful and always take security seriously, especially with personal information - depending what students get access to.
2 likes
Level 1
@ramonrietdijk Thats really wonderful... Thanks a lot...
1 like
Level 1
@ramonrietdijk When I try to retrieve the guard name after login, It prints 'web'.
Auth::guard('guest_user')->login($student);
$guard = auth()->guard(); // Retrieve the guard
$sessionName = $guard->getName(); // Retrieve the session name for the guard
// The following extracts the name of the guard by disposing of the first
// and last sections delimited by "_"
$parts = explode("_", $sessionName);
unset($parts[count($parts)-1]);
unset($parts[0]);
$guardName = implode("_",$parts);
print $guardName;exit;
Output: web
What might be the reason for this?
Level 30
@digitalwing You have not specified a name for the guard so it will return the default guard as configured in your auth.php config file. The name of the guard is the first parameter.
$guard = auth()->guard('guest_user');
And note that this is exactly the same as
$guard = Auth::guard('guest_user');
Level 1
@ramonrietdijk How can I get the name of currently active guard
Level 30
@digitalwing You can be authenticated to different guards at the same time, which means that "current" does not really exist in this context. If you want to know which guards are authenticated, you should check them individually.
1 like
Level 1
@ramonrietdijk Okay Thank you. I was under the impression that guard can be used to identify the type of user logged in and by checking the guard we can perform various actions...
I have accomplished this by keeping the user type in session. Is there a more secure way? Waiting for your expert opinion.
Level 30
@digitalwing I would recommend just checking the correct guard and solely rely on Laravel as this is how it is implemented in the framework. Especially when diving deeper with e.g. middleware you avoid the extra complexity.
Routes can be protected by specifying the guard in your middleware like so:
Route::get('settings')->middleware('auth:web');
You can also allow multiple guards by separating them by a comma.
Route::get('timetable')->middleware('auth:web,guest_user');
Authentication logic in your views is easily implemented using the auth directive.
@auth('web')
// Signed in as a student
@endauth
@auth('guest_user')
// Signed in as a guest user
@endauth
If you wish to add your own directive like student or guestuser, you can create custom if statements.
Blade::if('student', function() {
return auth()->guard('web')->check();
});
Blade::if('guestuser', function() {
return auth()->guard('guest_user')->check();
});
1 like
Level 1
@ramonrietdijk Thanks brother...
1 like
Level 1
When I try @auth('guestuser') an error occurs Auth guard [guestuser] is not defined.
Is there any other place I need to register the guard?
Level 30
@digitalwing Excuse me, it should be guest_user with an underscore. I have updated my answer.
1 like
Level 1
@ramonrietdijk Thanks!
Should I mention the middleware in all contollers?
When i access a functionality using a controller and return to home, it goes to the guest.blade
Level 30
@digitalwing If you only want authenticated users to access certain routes then I highly recommend adding the middleware.
When you are creating a lot of routes, you can group the routes within the middleware so you won't have to repeat yourself for every route.
Route::middleware('auth:web', function() {
Route::get('profile', [...]);
Route::get('timetable', [...]);
});
I don't quite understand what you mean by going to the guest blade?
Level 1
@ramonrietdijk The Home blade contains
@if(Auth::guard('web')->check() or Auth::guard('guest_user')->check())
@include('layouts.page_template.auth')
@else
@include('layouts.page_template.guest')
@endif
and it goes to the guest template while logged in as a guest_user
Also I would like to know if I can group certain routes for multiple routes. Simillar to Route::get('timetable')->middleware('auth:web,guest_user');
Level 30
@digitalwing Are you sure you are logged in as a guest_user? Does Auth::guard('guest_user')->user() return your Student model?
Grouping routes can be done as I have shown above. You can add both of your guards in the middleware as well.
Route::middleware('auth:web,guest_user', function() {
Route::get('profile', [...]);
Route::get('timetable', [...]);
});
Both routes in that function have the middleware attached to them.
1 like
Please or to participate in this conversation.