I'm struggling to find the reason but can't. It always falls to "else". I'm using SQLite
and this is my code:
public function doLogin(Request $request)
{
    $email = $request['email'];
    $password = $request['password'];

    if (Auth::attempt(['email' => $email, 'password' => $password])) {
        return redirect()->route('home');
    }

    return redirect()->back();
}

Route::post('/doLogin', ['as' => 'doLogin', 'uses' => 'Auth\LoginController@doLogin']);
I already printed the variables; the values are exactly the same as in the database.
Possible cause of the problem?
$usuario = \App\User::find(1)->pluck('email', 'password');
return ($usuario);
Printed Value:
{"teste123":"[email protected]"}
Also, if I try this:
public function doLogin(Request $request)
{
    $email = $request->input('email');
    $password = $request->input('password');
    dd($request->all());
}
I get this:
array:4 [▼
"_token" => "xxxxxxxxxxxxxxxxxxxxxxxxxxx"
"email" => "[email protected]"
"password" => "teste123"
"action" => null
]
Is it normal that action = null?
It looks like you're storing your passwords in your database as plaintext, and that seems to be the issue. You should never do this, as if you have a security leak, then the infiltrator could easily have access to all of your users' passwords.
That also seems to be the issue as to why your Auth::attempt is failing. Auth::attempt goes into SessionGuard.php, which eventually calls validateCredentials from EloquentUserProvider.php. This function hashes the password it is given and checks that against what is in the database. Laravel is expecting your password in the database to be hashed (by default it is bcrypt), so the passwords are not matching. It hashes the plaintext password from the $request so it no longer matches the plaintext in your DB.
Laravel comes with the command php artisan make:auth. If you use this, then you shouldn't have to do your doLogin function. You can just send the logins along the default route. Then when you're testing, sign up your account through the registration to ensure that it's saved in your database in a hash, instead of plaintext.
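
The mismatch described in the answer above, as an added example that is not part of the original post and is not Laravel's own code: it uses PHP's built-in bcrypt functions (password_hash, password_verify, password_get_info) to show that a plaintext column value never verifies, and a one-off repair that hashes existing plaintext rows. The rows, e-mail addresses and function names are constructed for illustration.

```php
<?php
// Constructed sample rows: id 1 stores the password as plaintext (as in the
// question), id 2 stores a bcrypt hash (what a registration form should save).
$rows = [
    ['id' => 1, 'email' => 'plain@example.test',  'password' => 'teste123'],
    ['id' => 2, 'email' => 'hashed@example.test', 'password' => password_hash('teste123', PASSWORD_BCRYPT)],
];

// True when the stored value is recognised as a password_hash() output.
// Caveat: a plaintext value that happens to look like a hash would be skipped.
function isHashed(string $stored): bool
{
    return password_get_info($stored)['algoName'] !== 'unknown';
}

// Verify the submitted plaintext against the stored value, the way a
// bcrypt-based login check does. A plaintext stored value always fails.
function checkLogin(array $row, string $submitted): bool
{
    return password_verify($submitted, $row['password']);
}

// One-off repair: hash any value that is still plaintext, leave hashes alone.
function hashPlaintextRows(array $rows): array
{
    foreach ($rows as &$row) {
        if (!isHashed($row['password'])) {
            $row['password'] = password_hash($row['password'], PASSWORD_BCRYPT);
        }
    }
    unset($row); // drop the reference left behind by foreach
    return $rows;
}

// Report whether each row is hashed and whether the login check passes.
function report(string $label, array $rows): void
{
    foreach ($rows as $row) {
        printf("%s: id=%d hashed=%s login_ok=%s\n", $label, $row['id'],
            var_export(isHashed($row['password']), true),
            var_export(checkLogin($row, 'teste123'), true));
    }
}

report('before', $rows);                    // id 1 fails, id 2 passes
report('after', hashPlaintextRows($rows));  // both pass
```

Run it with `php` on the command line. In a Laravel project the equivalent repair would store `Hash::make($plaintext)` in the password column.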