36

How to authenticate a user password from a given request in Laravel? How is the password checked against the password hash stored in the database?

4
  • Apply the hashing algorithm you used to hash the stored password to the input? $hashedPassword = hash($_REQUEST["password"] or something. Commented Aug 5, 2014 at 6:36
  • No, I am not using PHP. When a user logs in to his account, the password he enters is converted to a "Hash::" value and compared with the "Hash::" password stored in the database. So I am confused about how to fetch the password from the database and compare it with the password entered at login. I found one piece of check code but do not understand how it compares: if (Hash::check('secret', $hashedPassword)) { // The passwords match... } Commented Aug 5, 2014 at 6:44
  • Possible duplicate of Laravel 4: custom login and check password Commented Nov 16, 2015 at 16:37
  • Check how to make Hash and Verify Hash in Laravel. Commented Nov 16, 2015 at 16:37

6 Answers

95

First, you'll need to find the User who is logging in based on email address or username or however you identify them, for example:

$user = User::where('email', '=', '[email protected]')->first();

Then, you'll need to CHECK the hashed password, like so:

Hash::check('INPUT PASSWORD', $user->password);

This will return true or false based on whether or not the password matches.


20

Laravel Login Authentication:

public function login(Request $request)
{
    $email = $request->input('email');
    $password = $request->input('password');

    // Look up the account by email, then verify the submitted password against the stored hash.
    $user = User::where('email', '=', $email)->first();
    if (!$user) {
        return response()->json(['success' => false, 'message' => 'Login Fail, please check email id']);
    }
    if (!Hash::check($password, $user->password)) {
        return response()->json(['success' => false, 'message' => 'Login Fail, pls check password']);
    }

    return response()->json(['success' => true, 'message' => 'success', 'data' => $user]);
}
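
Added example, not part of the answer above: a handler that answers differently for an unknown email and for a wrong password tells the caller which addresses are registered. The plain-PHP sketch below keeps the same lookup-then-verify flow but returns one failure response and runs a bcrypt verification on both paths; the in-memory user table, the credentials, and the names attemptLogin() and $dummyHash are assumptions for the illustration, with password_verify() standing in for Hash::check().

```php
<?php
// Added illustration; the user table and credentials are constructed samples.

function attemptLogin(array $users, string $dummyHash, string $email, string $password): array
{
    $user = $users[$email] ?? null;

    // Unknown email: verify against a dummy hash so that both failure
    // paths perform one bcrypt verification.
    $stored = $user['password'] ?? $dummyHash;
    $passwordOk = password_verify($password, $stored);

    if ($user === null || !$passwordOk) {
        // Same response for "no such email" and "wrong password".
        return ['success' => false, 'message' => 'Invalid credentials'];
    }

    // Return only the fields the client needs, never the stored hash.
    return [
        'success' => true,
        'message' => 'success',
        'data'    => ['id' => $user['id'], 'email' => $email],
    ];
}

// Constructed stand-in for the users table, keyed by email.
$users = [
    'alice@example.test' => [
        'id'       => 1,
        'password' => password_hash('correct horse', PASSWORD_BCRYPT),
    ],
];

// Hash of a random value. In an application, generate it once with the same
// cost as real hashes and keep it in configuration.
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_BCRYPT);

$cases = [
    ['alice@example.test', 'correct horse'],
    ['alice@example.test', 'wrong password'],
    ['nobody@example.test', 'correct horse'],
];
foreach ($cases as [$email, $password]) {
    echo $email, ' / ', $password, ' => ',
        json_encode(attemptLogin($users, $dummyHash, $email, $password)), PHP_EOL;
}
```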


5

Step 1: first get user data from DB

$user = User::where('email', '=', $request->input('email'))->first();

Step 2: Get user password as

$user->password

Step 3: Validate it as

if (Hash::check($password, $user->password)) {
    return response()->json(['status' => 'true', 'message' => 'Email is correct']);
} else {
    return response()->json(['status' => 'false', 'message' => 'password is wrong']);
}

woo hoo!!!!! you have done :)


3

$email = Input::get('email');
$user = User::where('email', '=', $email)->first();
if (!$user) {
    return response()->json(['success' => false, 'message' => 'Not Login successfull']);
}
if (!Hash::check(Input::get('password'), $user->password)) {
    return response()->json(['success' => false, 'message' => 'Not Login successfull']);
}
return response()->json(['success' => true, 'message' => 'success', 'data' => $user]);


3

From Laravel 5 onward, you can use the bcrypt() function to hash a plaintext. So, you can save that hashed password in DB and then, compare the hashed password again to match.

$save_password = bcrypt('plain_text_password');

$check_password = bcrypt('provided_password_while_login_request');

And then, compare these two. You're good to go.

Or, if you want to go with the Laravel way:

$credentials = $request->only('email', 'password');

if (Auth::attempt($credentials)) {
    // Authentication passed...
    return redirect()->intended('dashboard');
}

As per Laravel documentation, and I quote: "The attempt method accepts an array of key / value pairs as its first argument. The values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column. If the user is found, the hashed password stored in the database will be compared with the password value passed to the method via the array. You should not hash the password specified as the password value, since the framework will automatically hash the value before comparing it to the hashed password in the database. If the two hashed passwords match an authenticated session will be started for the user.

The attempt method will return true if authentication was successful. Otherwise, false will be returned."
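
Added example, not part of the answer above: Laravel's bcrypt hasher is built on PHP's password_hash() and password_verify(), and every bcrypt hash carries its own random salt, so hashing the login password a second time produces a different string than the stored one. The plain-PHP sketch below (the function name compareHashingStrategies() and the sample password are assumptions made for the illustration) puts both approaches side by side: re-hashing and comparing strings, and verifying against the salt embedded in the stored hash, which is what Hash::check() does.

```php
<?php
// Added illustration; the password is a constructed sample.

function compareHashingStrategies(string $password): array
{
    // Registration: what Hash::make() / bcrypt() would store.
    $stored = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

    // Login, attempt A: hash the submitted password again.
    // A fresh random salt is drawn, so the output differs from $stored.
    $rehashed = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

    // Layout of a bcrypt string: "$2y$" cost "$" 22-char salt 31-char digest.
    $saltOf = fn (string $hash): string => substr($hash, 7, 22);

    return [
        'stored'              => $stored,
        'rehashed'            => $rehashed,
        'same_salt'           => $saltOf($stored) === $saltOf($rehashed),
        'rehash_equals_store' => hash_equals($stored, $rehashed),
        // Attempt B: password_verify() reads cost and salt from $stored,
        // recomputes the digest with them and compares in constant time.
        'verify_correct'      => password_verify($password, $stored),
        'verify_wrong'        => password_verify($password . 'x', $stored),
        'parsed'              => password_get_info($stored),
    ];
}

foreach (compareHashingStrategies('s3cret-sample') as $key => $value) {
    echo str_pad($key, 20), ': ',
        is_array($value) ? json_encode($value) : var_export($value, true), PHP_EOL;
}
```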


1

You can create the below method to find the user authentication as explained on the Laravel website for authentication:

public function authenticate(Request $request)
{
    $credentials = $request->only('email', 'password');

    if (Auth::attempt($credentials)) {
        // Authentication passed...
        // use the below code to redirect the user to dashboard.
        // return redirect()->intended('dashboard');
    }
}

Please check the link below for more details regarding authentication on the Laravel website: https://laravel.com/docs/5.6/authentication#authenticating-users
