I am working on a small Laravel application. The problem is with the login: it works fine, but I just found out that the password can be seen by anyone with the basic knowledge to inspect the request payload. I want to know how I can encrypt the password, or what other solution there can be for this.
Blade file:
```html
<form role="form" method="POST" action="{{ route('Login') }}">
    @csrf
    <div>
        <div>
            <div>
                <span><i></i></span>
            </div>
            <input placeholder="{{ __('Correo') }}" type="email" name="email" value="{{ old('email') }}" required autofocus>
        </div>
        @if ($errors->has('email'))
            <span style="display: block;" role="alert">
                <strong>{{ $errors->first('email') }}</strong>
            </span>
        @endif
    </div>
    <div>
        <div>
            <div>
                <span><i></i></span>
            </div>
            <input name="password" placeholder="{{ __('Contraseña') }}" type="password" required>
        </div>
        @if ($errors->has('password'))
            <span style="display: block;" role="alert">
                <strong>{{ $errors->first('password') }}</strong>
            </span>
        @endif
    </div>
    <div>
        <button type="submit">{{ __('Iniciar sesión') }}</button>
    </div>
</form>
```
Login controller:
```php
// Imports needed at the top of the controller file (without `use Exception;`
// the catch block below would look for App\Http\Controllers\Exception).
use Exception;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;

public function Login(Request $request)
{
    $credentials = $this->validate($request, [
        'email' => 'email|required|string',
        'password' => 'required|string',
    ]);

    try {
        // Auth::attempt() compares the submitted password against the stored
        // bcrypt hash with Hash::check(); the plaintext is never stored.
        if (Auth::attempt($credentials)) {
            // One query for the row instead of three separate ones.
            $user = DB::table('users')
                ->where('email', $credentials['email'])
                ->first(['role_idrole', 'id', 'photo']);

            $role = $user->role_idrole;
            session([
                'rol' => $role,
                'id' => $user->id,
                'userEmail' => $credentials['email'],
                'userPhoto' => $user->photo,
            ]);

            if ($role == 3) {
                return redirect()->route('main');
            }
            return redirect()->route('home');
        }

        return back()->withErrors(['email' => trans('auth.failed')]);
    } catch (Exception $ex) {
        return back()->withErrors(['email' => trans('auth.failed')]);
    }
}
```
I really don't know how to solve this, any help would be appreciated.
CodePudding user response:
Try it:
```php
'password' => Hash::make($request->yourpassword)
```
CodePudding user response:
You need to check the user once. With the password you can check like this:
```php
use Illuminate\Support\Facades\{DB, Hash};
// bcrypt is salted, so Hash::make() never reproduces the stored hash; fetch the row by email and Hash::check() the password instead.
$user = DB::table('users')->where('email', $credentials['email'])->first();
$userValidated = $user !== null && Hash::check($credentials['password'], $user->password);
```
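The following stand-alone script is an added example; it is not code from the question or either answer, and it does not depend on Laravel. It uses PHP's `password_hash()` and `password_verify()`, which are the functions Laravel's bcrypt `Hash` driver wraps, with a constructed in-memory `$users` array standing in for the `users` table. It shows the flow the question is asking about: the plaintext password travels to the server once (TLS protects it on the wire; the browser's own developer tools will always show what the browser sent), the server stores only a salted hash at registration, and login verifies against that hash. It also shows why the equality lookup proposed in the second answer (`WHERE password = Hash::make(...)`) can never match: every call to `password_hash()` draws a fresh salt, so the new hash never equals the stored one.

```php
<?php
// Added example (not from the question or answers). Uses the PHP functions
// behind Laravel's bcrypt Hash driver. $users is a constructed stand-in table.
declare(strict_types=1);

// Registration: keep only the salted bcrypt hash, never the plaintext.
function registerUser(array &$users, string $email, string $password): void
{
    $users[$email] = [
        'email'    => $email,
        'password' => password_hash($password, PASSWORD_BCRYPT),
    ];
}

// Login: look the row up by email only, then verify the submitted password
// against the stored hash. This is what Auth::attempt() does internally.
function attemptLogin(array $users, string $email, string $password): bool
{
    if (!isset($users[$email])) {
        return false;
    }
    return password_verify($password, $users[$email]['password']);
}

// The lookup the second answer suggests, spelled out over the array:
// recompute a hash and compare it for equality with the stored column.
// password_hash() salts every call, so this is always false.
function brokenLookup(array $users, string $email, string $password): bool
{
    $freshHash = password_hash($password, PASSWORD_BCRYPT);
    foreach ($users as $row) {
        if ($row['email'] === $email && $row['password'] === $freshHash) {
            return true;
        }
    }
    return false;
}

$users = [];
// Constructed sample account.
registerUser($users, 'alice@example.com', 'correct horse battery staple');

var_dump(attemptLogin($users, 'alice@example.com', 'correct horse battery staple'));
var_dump(attemptLogin($users, 'alice@example.com', 'wrong-password'));
var_dump(brokenLookup($users, 'alice@example.com', 'correct horse battery staple'));

// Two hashes of the same input differ because each carries its own salt;
// that is why password_verify() (Hash::check) is needed rather than equality.
echo password_hash('same-input', PASSWORD_BCRYPT), "\n";
echo password_hash('same-input', PASSWORD_BCRYPT), "\n";
```

Run it with `php example.php`: the first `var_dump` is true, the other two are false, and the two printed hashes differ. The practical takeaways for the question's controller are that `Auth::attempt()` already does the `Hash::check()` comparison, that the only thing to "encrypt" is the transport (serve the login form over HTTPS), and that the stored column must hold a `Hash::make()` result, never the plaintext.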