Authentication fails although email and password are correct

Time:10-22

I tried to check the route, the action="login" on the form, and the controller; it is all correct. I tried different ways of writing the code, such as Auth::Attempt as well as auth()->attempt(). Other things I tried to look into are on the User model, using protected $guarded = [] or protected $fillable = ['name', 'email', 'password', 'username']. I also tried hashing the password using the method Hash::make to make sure the password for the newly created account is correct, but it is still not working.

My registration page works well; it redirects me to the home page. I compared it with my login page and tried tweaking it. Somehow, it is still not working. Please help. I need to complete a project by next week Tuesday. I'm on a very tight schedule right now.

Route code

Route::get('/', function () {
    return view('home');
});

Route::get('/record', function () {
    return view('record');
});

Route::get('/profile', function () {
    return view('profile');
});

Route::get('register', [RegisterController::class, 'create'])->middleware('guest');
Route::post('register', [RegisterController::class, 'store'])->middleware('guest');

Route::get('login', [SessionsController::class, 'create'])->middleware('guest');
Route::post('session', [SessionsController::class, 'store'])->middleware('guest');

Route::post('logout', [SessionsController::class, 'destroy'])->middleware('auth');

SessionController page(login)

<?php

namespace App\Http\Controllers;

use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Session;
use Illuminate\Http\Request;

class SessionsController extends Controller
{
    public function create()
    {
        return view('sessions.create');
    }


    public function store()
    {
        $attributes = request()->validate([
            'email' => 'required|email',
            'password' => 'required'
        ]);

        if (auth()->attempt($attributes)) {
            return redirect('/')->with('success', 'Your account has been created.');
        }

        return redirect('/')->with('errors', 'Authentication failed.');
    }

    public function destroy()
    {
        auth()->logout();

        // Return the redirect so the response and flash message are actually sent.
        return redirect('/')->with('success', 'Goodbye');
    }
}

Home page

<x-layout>
    <div id="sidebar" >
        <div >
            <form method="GET" action="/">
                <input type="text" name="search" placeholder="Search Staff"  value="{{ request('search') }}">
            </form>
        </div>

        <div >
            <x-category-dropdown />
        </div>
    </div>
</x-layout>

RegisterController

<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
// Needed for the Hash::make() call in store().
use Illuminate\Support\Facades\Hash;

class RegisterController extends Controller
{
    public function create()
    {
        return view('register.create');
    }

    public function store()
    {
        $attributes = request()->validate([
            'name' => 'required|max:255',
            'username' => 'required|min:3|max:255|unique:users,username',
            'email' => 'required|email|max:255|unique:users,email',
            'password' => 'required|min:7|max:255',
        ]);

        $attributes['password'] = Hash::make($attributes['password']);

        $user = User::create($attributes);

        auth()->login($user);

        return redirect('/')->with('success', 'Your account has been created.');
    }
}

Login form

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Attendance Management System</title>
    <!-- CSRF Token -->
    <meta name="csrf-token" content="{{ csrf_token() }}">
    <link rel="stylesheet" href="styles.css">
    <link href="https://unpkg.com/tailwindcss@^2/dist/tailwind.min.css" rel="stylesheet">
    <script src="https://cdn.jsdelivr.net/gh/alpinejs/[email protected]/dist/alpine.min.js" defer></script>
</head>


<section >
    <main >
        <h1 >Log In!</h1>

        <form method="POST" action="/session" >
            @csrf

            <div >
                <label  for="email">
                    Email
                </label>

                <input  type="email" name="email" id="email" value="{{ old('email') }}" required>

                @error('email')
                <p >{{ $message }}</p>
                @enderror
            </div>

            <div >
                <label  for="password">
                    Password
                </label>

                <input  type="password" name="password" id="password" required>

                @error('password')
                <p >{{ $message }}</p>
                @enderror
            </div>

            <div>
                <button type="submit" >
                    Submit
                </button>
            </div>
        </form>
    </main>
</section>

CodePudding user response:

You’re not hashing the user password when creating a new user. The Auth::Attempt() function takes the plaintext password you provide and does a Hash::make() call on it.

So when you’re logging in, it’s taking the plaintext password, hashing it and comparing it to the value in the database which is plaintext.

So, when creating your user, hash the password value before passing it to the create function. After you’ve validated your input, hash the password and add it back to your $attributes:

$attributes['password'] = Hash::make($attributes['password']);

$user = User::create($attributes);
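
An added example, not part of the answer above or of the asker's project: a plain-PHP check of what a stored password value will do at login, using password_hash() and password_verify(), the functions Laravel's default bcrypt hasher wraps. It goes beyond the case in the answer by also covering a value that was hashed twice (for instance once in the controller and again in a model mutator, an assumed setup that is not shown on the page); the function name and the sample password are constructed.

```php
<?php
// Added example: plain PHP, no framework required.
// diagnoseStoredPassword() is a hypothetical helper, not a Laravel API.

// Report what a value saved in the users.password column does at login.
function diagnoseStoredPassword(string $typed, string $stored): string
{
    // password_get_info() reports 'unknown' when the value is not a
    // recognised password hash, i.e. it was saved as plaintext.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        return 'plaintext stored: verification always fails';
    }

    // The salt and cost are read back out of the stored hash, so the
    // typed password is checked against it rather than compared as text.
    if (password_verify($typed, $stored)) {
        return 'hashed once: login succeeds';
    }

    return 'hash mismatch: wrong password, or the value was hashed twice';
}

// Constructed sample data (not taken from the page).
$typed = 'correct horse battery';
$once  = password_hash($typed, PASSWORD_BCRYPT);

$rows = [
    // Controller saved the validated input without hashing it.
    'no hashing on register' => $typed,
    // Controller hashed exactly once before User::create().
    'hashed once'            => $once,
    // Assumption: controller hashed, then a model mutator hashed again.
    'hashed twice'           => password_hash($once, PASSWORD_BCRYPT),
];

foreach ($rows as $label => $stored) {
    printf("%-24s %s\n", $label, diagnoseStoredPassword($typed, $stored));
}
```

Running the same check against the real column value for a freshly registered account shows which of the three cases applies before any controller code is changed.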