All geek questions in one place

Laravel 5.1 bcrypt and login

When I register a new user in a Laravel structure, I now do it like this,

// Creating a new user
$user = new User;
$user->firstname = $data['firstname'];
$user->lastname = $data['lastname'];
$user->email = $data['email'];
$user->password = bcrypt($data['password']);
$user->save();

This works great and I can log in to the app. However, I want the user to be able to change their passwords on the settings page. Having done this, I used the same technique using

$newPass = bcrypt($response->new_password);

and update the user field. However, after that, I can not enter? I use the built-in authentication service in laravel for registration / login.

What am I doing wrong here? and should I do it differently?

I also tried to encrypt my current password, and I received a completely different hash than the one stored in the database.

This is so confusing.

Updated using controller code,

// Validation
$this->validate($request, [
    'email' => 'email',
    'password' => 'min:8|confirmed',
    'current_password' => 'required',
]);

// Getting the user ID
$userId = Auth::id();

// Dummy hack check, change later.
if(!Auth::attempt(['id' => $userId, 'password' => $request->current_password]))
{
    return redirect('settings')->with('alert','current password is wrong.');
}

// Everything is validated and ok to proceed
if($request->email)
{
    $data['email'] = $request->email;
}

if($request->password)
{
    $data['password'] = bcrypt("helloworld");
}

$user = User::where('id',$userId)->update($data);

dd($data);

Dump data for inputs,

  +request: ParameterBag {#40 ▼
    #parameters: array:5 [▼
      "_token" => "JQIIuCjiKQmbK0X5zCM6czYD1vIoh4PGjLO4qrFm"
      "email" => "testing@gmail.com"
      "password" => "thisisnewpass"
      "password_confirmation" => "thisisnewpass"
      "current_password" => "helloworld"
    ]
  }
+4
3

, Laravel . .

// Getting the User
$user = Auth::user(); // Gets the currently logged in User
$credentials = [
    'id' => $user->id,
    'password' => $request->input('current_password')
];

// Make sure current password is correct
if (!Auth::validate($credentials)) { // Checks the User credentials
    return redirect('settings')->with('alert','current password is wrong.');
}

// Change the password
if ($request->has('password')) {
    $user->password = bcrypt($request->input('password'));
}

// Save any changes
$user->save();

, , .

0

, , ( ?), , ,

// Validation
$this->validate($request, [
    'email' => 'email',
    'password' => 'min:8|confirmed',
    'current_password' => 'required',
]);

// Getting the user ID
$userId = Auth::id();
$newPassword = $request->password;

// Dummy hack check, change later.
if(!Auth::attempt(['id' => $userId, 'password' => $request->current_password]))
{
    return redirect('settings')->with('alert','Wrong password.');
}

// Everything is validated and ok to proceed
if($request->email)
{
    $data['email'] = $request->email;
}

if($request->password)
{
    $data['password'] = bcrypt($newPassword);
}

// Getting, and checking if the current password is corrent.
$user = User::where('id',$userId)->update($data);

echo $newPassword . "<br><br>";

dd($data);

- , , , , . , .

0

Laravel 2017 , :

//create a setter method in your controller

public function setPasswordAttribute( $password ) {
    if ( $password !== null ) {
        if ( is_null(request()->bcrypt) ) {
            $this->attributes['password'] = bcrypt($password);
        } else {
            $this->attributes['password'] = $password;
        }
    }
}

, , .

0

Source: https://habr.com/ru/post/1612500/

More articles:


All Articles