There are two approaches.
Approach 1. You can add both the username and the password in the where condition.
If the username and password do not match, the error message will be like "Invalid Username and password".
Approach 2 (your approach). Get the user record from the user table using `where("name", $req->us)` and validate the password with `if(Hash::check($user->password, $user->password))`. The advantage of this approach is that you can show error messages like the ones below.
- If the username is not in the table, you can display an error like "Invalid Username".
- If the password does not match, you can display an error like "Invalid Password".
You can use either approach, and from a security perspective you can go with approach 1.
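The single error message of approach 1 can be kept while still fetching the record by name as in approach 2. The sketch below is an added example, not part of the original answer: it returns the same message for an unknown username and a wrong password, and verifies against a dummy hash when no record is found so the two cases take similar time. It uses PHP's built-in `password_verify` in place of Laravel's `Hash::check` so it runs without the framework; `attemptLogin`, `dummyHash`, the `$users` array and its field names are hypothetical.

```php
<?php
// Added example. $users is a constructed in-memory stand-in for the user table;
// attemptLogin() and dummyHash() are hypothetical helper names.

const GENERIC_ERROR = 'Invalid Username and password';

// Hash of a throwaway value, computed once per process, used when no user is found.
function dummyHash(): string
{
    static $hash = null;
    return $hash ??= password_hash('placeholder-not-a-real-password', PASSWORD_BCRYPT);
}

function attemptLogin(array $users, string $name, string $plainPassword): array
{
    $dummy = dummyHash();                   // computed on every path, found or not
    $user  = $users[$name] ?? null;         // stands in for where("name", $req->us)->first()

    // Always run one verification, even without a record, so the response
    // time does not reveal whether the username exists.
    $storedHash = $user['password'] ?? $dummy;

    // Argument order: submitted plain-text value first, stored hash second.
    $passwordOk = password_verify($plainPassword, $storedHash);

    if ($user === null || !$passwordOk) {
        // One message for both failure cases.
        return ['ok' => false, 'error' => GENERIC_ERROR];
    }
    return ['ok' => true, 'user' => $name];
}

// Constructed sample data.
$users = [
    'alice' => ['password' => password_hash('correct horse', PASSWORD_BCRYPT)],
];

var_dump(attemptLogin($users, 'alice', 'correct horse'));  // valid credentials
var_dump(attemptLogin($users, 'alice', 'wrong'));          // known user, wrong password
var_dump(attemptLogin($users, 'nobody', 'wrong'));         // unknown user, same error
```

Laravel's `Hash::check` takes its arguments in the same order: the submitted plain-text value first, then the stored hash.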