Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

behnampmdg3's avatar

How come this auth fails even when the posted value are correct?

Route::post('/login', 'HomeController@authenticate');

Record in db: https://ibb.co/SX26sWm

public function authenticate(Request $request)
    {
        if(Auth::attempt(['email' => $request->email, 'password' => $request->password, 'active' => 1, 'course_id' => $request->course_id])) 
            {
                echo "Logged";
            }
        else 
            {
                echo "Didn't work";
            }    
    }

dd()

+request: ParameterBag {#44 ▼
    #parameters: array:4 [▼
      "_token" => "JIzP7GMAtiBqPY8pVlC8WqCUgQWbG0QCbGATie7z"
      "email" => "[email protected]"
      "course_id" => "9"
      "password" => "mypassword"
    ]
  }

Using members table

<?php

namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use Notifiable;

    protected $table = 'members';
    protected $fillable = [
        'name', 'email', 'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password', 'remember_token',
    ];

    /**
     * The attributes that should be cast to native types.
     *
     * @var array
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];

    public function getMemberSinceAttribute()
        {
            return $this->created_at->diffInDays(now());
        }
}

Passwords are updated like this

public function update_password(Request $request)
    {
        \DB::table('members')
            ->where('id', $request->id)
            ->update(['password' => Hash::make($request->newPassword)]);
        return redirect('/members/'.$request->id."/edit")->with('status', 'Password updated!');
    }

dd(Auth::attempt(['email'=>$request['email'],'password'=>$request['password']]));

Returns false

Tried this same thing

if(Auth::attempt(['email' => $request->email, 'password' => Hash::make($request->password), 'active' => 1, 'course_id' => $request->course_id]))
0 likes
3 replies
behnampmdg3's avatar

When I manually check the password, it shows the wrong value

if (Hash::check('mypassword', 'y$aSYWqq7N45jNjHReKkgZwuzQIgRh1THLAJK5.xodfb0vQwnflg3.y')) {
    echo 'Correct';
}
else {
echo "False";
}

Prints false!

I am starting to doubt

 ->update(['password' => Hash::make($request->newPassword)]);

Also I changed the table name to an invlaid name (to make sure its hitting the right table) and I get this query:

SQLSTATE[42S02]: Base table or view not found: 1146 Table 'databasename.membersd' doesn't exist (SQL: select * from `membersd` where `email` = [email protected] and `active` = 1 and `course_id` = 9 limit 1)

You see there are not quotes on the email. Is that how it's supposed to be?

behnampmdg3's avatar
behnampmdg3
OP
7 years ago
Best Answer
Level 5

Found the issue!

In admin password update page, I was using the wrong request value "newPassword". The field was called "password" not "newPassword"!

\DB::table('members')
            ->where('id', $request->id)
            ->update(['password' => Hash::make($request-> newPassword)]);
        return redirect('/members/'.$request->id."/edit")->with('status', 'Password updated!');

Please or to participate in this conversation.