I'm doing a small project. I have a database that is meant to verify logins. I'm creating an Admin Account with my own email. I have the bog-standard error messages of:
- "Unregistered Email"
- "Password or Email Incorrect"
- "Missing Password" etc
When I enter JUST my email, my login page recognizes it and doesn't throw an error message (so I know it's accessing my database correctly). When I enter my password, the login page declares the email or password is incorrect.
I know it's recognizing my email, so it's the password that's incorrect, but I also KNOW it's correct (I typed it manually into my Table Plus database.)
Images included below: (This bug is killing me, help would be EXTREMELY appreciated)
Email being recognized first picture. My database entries second picture. Third picture is showing my password not being accurate. In the picture the password is plain text, because I am troubleshooting.
- Email Recognized
- Password is wrong, even though it's clearly right!
- example table entry where password is put as test5
CodePudding user response:
You are using a blank password stored in the database. This is a very dangerous approach and not recommended at all; you need to hash your passwords in order to log in. I'm not sure what authentication you are using (ui/sanctum/breeze), but I recommend you use laravel/breeze instead of building your own authentication using: https://laravel.com/docs/9.x/starter-kits#breeze-and-blade
Once that is installed, you can simply modify the blade to look any way you like it to look.
To hash a password to be stored correctly you can do the following:
User Controller (Top Area):

    use App\Models\User;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Hash;
    use Illuminate\Validation\Rule;

User Controller (store method example):

    /**
     * Store a newly created resource in storage.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Illuminate\Http\Response
     */
    public function store(Request $request)
    {
        // Validate the input; only the validated values are used below.
        $data = $request->validate([
            'email' => ['required', 'email', Rule::unique('users')],
            'password' => 'required',
        ]);

        $user = new User();
        // Store a hash of the password, never the plain text.
        $user->password = Hash::make($data['password']);
        $user->email = $data['email'];
        $user->save();

        return redirect('somewhere');
    }
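An added example (not part of the original answer) showing why the manually entered row fails and how to repair it. It uses PHP's built-in `password_hash()` / `password_verify()` in place of Laravel's `Hash` facade so it runs on its own; the e-mail addresses, the `$users` array and the helper names `isHashed` and `attemptLogin` are constructed for illustration.

```php
<?php
// Constructed sample rows standing in for the users table (not real data).
$users = [
    // Row typed by hand into the database client: password column holds plain text.
    'admin@example.test' => ['password' => 'test5'],
    // Row created through a store() method that hashes before saving.
    'user@example.test'  => ['password' => password_hash('test5', PASSWORD_BCRYPT)],
];

// Hypothetical helper: true when the stored value is a hash PHP recognizes,
// false when it is plain text.
function isHashed(string $stored): bool
{
    return password_get_info($stored)['algoName'] !== 'unknown';
}

// Hypothetical login check: the submitted password is verified against the
// stored hash, never compared to the column as a plain string.
function attemptLogin(array $users, string $email, string $password): string
{
    if (!isset($users[$email])) {
        return 'Unregistered Email';
    }
    return password_verify($password, $users[$email]['password'])
        ? 'OK'
        : 'Password or Email Incorrect';
}

// The plain-text row is rejected even though the typed password "matches".
echo attemptLogin($users, 'admin@example.test', 'test5'), PHP_EOL;
// The hashed row is accepted.
echo attemptLogin($users, 'user@example.test', 'test5'), PHP_EOL;

// One-time repair: hash any row whose password column is still plain text.
foreach ($users as $email => $row) {
    if (!isHashed($row['password'])) {
        $users[$email]['password'] = password_hash($row['password'], PASSWORD_BCRYPT);
    }
}

// After the repair the admin row verifies like any other.
echo attemptLogin($users, 'admin@example.test', 'test5'), PHP_EOL;
```

In a Laravel project the same repair is done by saving `Hash::make(...)` of the password for the affected user instead of typing the value into the table by hand.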