2

I use Laravel 5.4 and need to login user in my system. I have next login.blade.php where i have email and password field. In my controller I have next

protected function log() {

 $email=Input::get('email');  
 $pass=Input::get('password');     

  $user = DB::select("SELECT * FROM users where email = '".$email."' and password = '".$pass."'");

  foreach($user as $users){
     if(Input::get('email') == $users->email){
         return redirect('/');
  }else{
        return view('site.warning');

     }
   }  

   }

How can I return logged user in my redirect('/') and show them in my site. Any idea?

Improve this question
2
  • what do you mean "How can I return loget" Commented Jan 31, 2018 at 19:56
  • Sorry, i mean logged Commented Jan 31, 2018 at 19:58

3 Answers 3

Reset to default
1

Use the attempt() method:

if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {

From the docs:

The attempt method accepts an array of key / value pairs as its first argument. The values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column. If the user is found, the hashed password stored in the database will be compared with the password value passed to the method via the array.

This method will work for you if you're using bcrypt() or Hash::make() to generate password hash.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

How does that work ? I understand you select the user based on requested email. But how can you attempt him via password? When I bcrypt some string to hash, I get different hash each time. Bcrypt is one way operation, isn't it?
@Epsilon47 yes it works. Laravel uses this method internally to check email/password and authenticate users.
I have not known about that. But its cool stuff I will take a look about how it works
@Epsilon47 you might want to read about password_verify(). Laravel uses it internally password_verify($value, $hashedValue)
I am just wondering hows that possible that it is safe. If that algorithm can compare hashed password and unhashed password and state that they equal there somehow must be the way to decrypt it. But I guess this question is discussed somewhere(:
|
1

Please do not create your own login system!
Now that's out of the way the explanation.
There is (almost) no good reason to create your own login system, as your code already showed. Your current code is very VERY insecure due to storing passwords in plain text. Please read up on resent security advice.

The even better option is using Laravels build-in auth.

https://laravel.com/docs/5.4/authentication

If you do try to use this build-in authentication methods you will be able to get the current authenticated user by using Auth::user() this can be used in your blade files as well as in your controllers.

Improve this answer

1 Comment

I have two login form in my site, because i need to create custom form...
0

You cannot (maybe you can) but you certainly should't store user's password unhashed. Laravel has build artisan command: php artisan make:auth. You may use it, and retrieve him in the show method for example (thro the URL, passing id). Or just retrieve him via Auth::user(). Planty of choices.

Improve this answer

1 Comment

It is simple operation. When you are using Laravel, you should be using also the terminal so you are able to type artisan commands. There you will type php artisan so you see a list of options you have. So you will find there php artisan make:auth. After submitting it your auth system is done. You can pass then authenticated user like so. $user = Auth::user(); return View::make('auth.index', compact('user'));

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.