-1

I want to hash password with md5 instead of bcrypt in laravel 8. In my login controller LoginController.php :

protected function credentials(Request $request)
        {
            return ['user_name' => $request->{$this->username()}, 'password' => md5($request->password), 'actif' => 'Y'];
        }

And in my UserController I have:

public function store(Request $request)
    {        
        $this->validationRules($request);        
        $user = new User();       
        $user->password = md5("00000000");
        $user->actif = 'Y';
        $user->user_name = $request->input('user_name');
        $user->save();

        return redirect('/users');
    }

The new user is saved in the database with md5 but when I try to login it gives me this error :

These credentials do not match with our records
Jon Rodrigo
  • 35
  • 5

2 Answers2

1

after reading the resource code, your will find out that Laravel validate user's credentials in vendor/src/Illuminate/src/Auth/EloquentUserProvider

public function validateCredentials(UserContract $user, array $credentials)
{
    $plain = $credentials['password'];
    return $this->hasher->check($plain, $user->getAuthPassword());
}
  1. So, first add a getAuthPassword function in your Models/User.php
class User extends Authenticatable
{
    public function getAuthPassword()
    {
        return ['password' => $this->attributes['password']];
    }
}
  1. then, add a custom SelfEloquentUserProvider extends from vendor/src/Illuminate/src/Auth/EloquentUserProvider.php
namespace App\Libs;

use Illuminate\Auth\EloquentUserProvider;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Support\Str;

class SelfEloquentUserProvider extends EloquentUserProvider
{
    /**
     * Validate a user against the given credentials.
     *
     * @param \Illuminate\Contracts\Auth\Authenticatable $user
     * @param array $credentials
     */
    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        $plain = $credentials['password'];
        $authPassword = $user->getAuthPassword();
 
        return hash_equals(md5($plain), $authPassword['password']);
    }
}
  1. then, register your SelfEloquentUserProvider in App/Providers/AppServiceProvider
class AppServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        \Auth::provider('self-eloquent', function ($app, $config) {
            return New \App\Libs\SelfEloquentUserProvider($app['hash'], $config['model']);
        });
    }
    ......
}
  1. finally, in your config/auth.php
'providers' => [
    'users' => [
        'driver' => 'self-eloquent',
        'model' => \App\User::class,
    ]
]

you can custom your own auth rule easily by this way.

DengSihan
  • 2,119
  • 1
  • 13
  • 40
  • Ok, I will try this – Jon Rodrigo Feb 20 '21 at 16:36
  • It did not work when I dd('message') in validateCredentials() in EloquentUserProvider and in SelfEloquentUserProvider it stil go to the validateCredentials() of EloquentUserProvider instead of SelfEloquentUserProvider. – Jon Rodrigo Feb 22 '21 at 09:54
0

You need to write the LOGIN controller.

In Laravel 7 with the AUTH package (Illuminate\Foundation\Auth\AuthenticatesUsers), you go to:

  • Http > Controllers > Auth > LoginController.php

And you have to rewrite the trait AuthenticatesUsers with the method below:

protected function attemptLogin(Request $request)
{
    // Your login logic
}

If you use an other package, the method will be different, check in the documentation of your package if it's the case.

David
  • 155
  • 6