2

My registration form is working and it store users to db but when user login then Auth::attempt() return false. Here is my code for login. I store the password in db in sha1 encription.

Route::post('login',function(){
$creds=array(
        'email' => Input::get('email'),
        'password' => sha1(Input::get('password'))
    );
$auth = Auth::attempt($creds);

dd($auth);
hamid
  • 469
  • 2
  • 7
  • 14
  • 1
    Possible duplicate of [How to use SHA1 encryption instead of BCrypt in Laravel 4?](https://stackoverflow.com/questions/17710897/how-to-use-sha1-encryption-instead-of-bcrypt-in-laravel-4) – Leo Sep 18 '17 at 12:56
  • see also [this](https://stackoverflow.com/q/28982706/4881811) ! – Maraboc Sep 18 '17 at 12:59
  • why are you using sha1? – Sameer Shaikh Sep 18 '17 at 13:07
  • @SameerShaikh I have real users in database with sha1 encrypted password. Now I am switching from core php to Laravel. But i am stuck here in this logging. – hamid Sep 18 '17 at 15:52
  • when new users are registered, did you save passwords with `sha1` (did you modify logic related to that) ? If not, then you have existing users with sha1 and new users with default laravel encryption... – ljubadr Oct 18 '17 at 16:43
  • so your example to validate would fail for new users... – ljubadr Oct 18 '17 at 16:44

3 Answers3

3

Even though you can implement a Service provider as describe in this post, You can do it manually by with using other auth method 

This means you can do like so:

//....
try{
    $user = User::where('email', Input::get('email'))
      ->where('password', sha1(Input::get('password')))->firstOrFail();
    Auth::login($user);
} catch (ModelNotFoundException $e)
    return ['Username or password Incorrect'];
}

The best thing however is to use the bcrypt() in Laravel but the above should work in case bcrypt is no option.

Oluwatobi Samuel Omisakin
  • 6,944
  • 3
  • 33
  • 48
  • When I give the right credentials it works. But When I give wrong credentials it shows "Sorry, the page you are looking for could not be found." – hamid Sep 18 '17 at 15:54
  • It shows "Sorry, the page..." because of `->firstOrFail()`. Change to `->first()`, but then you have to check what's in `$user` – ljubadr Oct 18 '17 at 12:50
  • Generally it shouldn't show that. However, using `sha1` is not okay for security concern. I specified `firstOrFail()` so that there's no need to say use any `if()` instead catch the exception else redirect user to appropriate place. – Oluwatobi Samuel Omisakin Oct 18 '17 at 14:02
  • I use `firstOrFail` all the time, and it's perfect in this example (I just noticed that you catch exception, I was too tired when I looked into this). I was too focused on his comment – ljubadr Oct 18 '17 at 16:37
  • @OmisakinOluwatobi, I just added comments to his questions, maybe that's the case... – ljubadr Oct 18 '17 at 16:46
1

Try this -

Route::post('login',function(){

$auth = Auth::attempt(['email'=>Input::get('email'),'password'=>Input::get('password')],$remember ? true : false);

dd($auth);
});

Hope this will work for you.

Suniti Yadav
  • 393
  • 2
  • 8
  • if you are using remember me check then only pass it otherwise pass it like this - Auth::attempt(['email'=>Input::get('email'),'password'=>Input::get('password')]); – Suniti Yadav Sep 19 '17 at 04:36
0

I solved it by converting the registering user password to sha1 and then to laravel hashing encryption like so Hash::make(sha1(Input::get('password')));

At login time I do like below

Hash::make(sha1(Input::get('password')))

Then $auth = Auth::attempt($creds); worked.

Anbuselvan Rocky
  • 606
  • 6
  • 22
hamid
  • 469
  • 2
  • 7
  • 14
  • @ljubadr I have converted all existing sha1 passwords to bcrypt(laravel default encryption). So password is first converted to sha1 then to bcrypt. – hamid Oct 21 '17 at 18:07
  • I suggest marking this this as an answer. Also, this answer could help someone else with the same problem in the future, so you could provide maybe a bit more explanation where did you do the changes – ljubadr Oct 22 '17 at 07:58