I was digging into Laravel and it seems I have some issues with my authentication system. I will try to make snippets of my code below. If my explanations aren't enough, please let me know.
routes:
/*
Sign in (POST)
*/
Route::post('/account/sign-in', array(
'as' => 'account-sign-in-post',
'uses' => 'AccountController@postSignIn'
));
/*
Sign in (GET)
*/
Route::get('/account/sign-in', array(
'as' => 'account-sign-in',
'uses' => 'AccountController@getSignIn'
));
AccountController.php
<?php
class AccountController extends BaseController {
public function getSignIn() {
return View::make('account.signin');
}
public function postSignIn() {
$validator = Validator::make(Input::all(),
array(
'email' => 'required|email',
'password' => 'required'
)
);
if($validator->fails()) {
//Redirect to sign in page
return Redirect::route('account-sign-in')
->withErrors($validator)
->withInput();
} else {
//Atempt user sign in
$auth = array(
'email' => Input::get('email'),
'password' => Input::get('password'),
'active' => 1
);
if(Auth::attempt($auth)) {
//Redirect to intended page
return Redirect::intended('/');
}
else {
return Redirect::route('account-sign-in')
->with('global', 'Email/password wrong, or account not activated');
}
}
return Redirect::route('account-sign-in')
->with('global', 'There is a problem signing you in');
}
public function getCreate(){
return View::make('account.create');
}
public function postCreate(){
$validator = Validator::make(Input::all(),
array(
'email' => 'required|max:50|email|unique:users',
'username' => 'required|max:20|min:3|unique:users',
'password' => 'required|min:6',
'password_again'=> 'required|same:password'
)
);
if($validator->fails())
{
return Redirect::route('account-create')
->withErrors($validator)
->withInput();
}
else
{
$email = Input::get('email');
$username = Input::get('username');
$password = Input::get('password');
// Activation code
$code = str_random(10);
$user = User::create(array(
'email' => $email,
'username' => $username,
'password' => Hash::make($password),
'code' => (string)$code,
'active' => 0
));
}
}
return Redirect::route('home')
->with('global','Account could not be activated. Please, try again later.');
}
}
?>
auth.php
<?php
return array(
'driver' => 'eloquent',
'model' => 'User',
'table' => 'users',
'reminder' => array(
'email' => 'emails.auth.reminder',
'table' => 'password_reminders',
'expire' => 60,
),
);
?>
user.php
<?php
use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableInterface;
class User extends Eloquent implements UserInterface, RemindableInterface {
protected $fillable = array('email' , 'username' , 'password', 'code');
/**
* The database table used by the model.
*
* @var string
*/
protected $table = 'users';
/**
* The attributes excluded from the model's JSON form.
*
* @var array
*/
protected $hidden = array('password');
/**
* Get the unique identifier for the user.
*
* @return mixed
*/
public function getAuthIdentifier()
{
return $this->getKey();
}
/**
* Get the password for the user.
*
* @return string
*/
public function getAuthPassword()
{
return $this->password;
}
/**
* Get the e-mail address where password reminders are sent.
*
* @return string
*/
public function getReminderEmail()
{
return $this->email;
}
}
signin.blade.php
@extends('layout.main')
@section('content')
<form action="{{ URL::route('account-sign-in-post') }}" method="post">
<div class "field">
Email: <input type="text" name="email"{{ (Input::old('email')) ? ' value="' . Input::old('email') . '"' : ''}}>
@if($errors->has('email'))
{{ $errors->first('email') }}
@endif
</div>
<div class "field">
Password: <input type="text" name="password">
@if($errors->has('password'))
{{ $errors->first('password') }}
@endif
</div>
<input type="submit" value = "Sign in">
{{ Form::token() }}
</form>
@stop
In conclusion: I hash the password and it's stored in the database hashed. I use the function Auth::attempt() correctly without rehashing the password. I have seen people using the Auth::attempt with Hash::make($password). auth.php and User.php files seem fine. I don't know where the problem might be.
