0 
$cred = array(
    'username' => $post['username'],
    'password1' => md5($post['password1']),
    'password2' => md5($post['password2']) // custom third field
);

// Check all for authentication
Auth::attempt($cred);

How to add custom fields to AUTH module ?

Improve this question
3
  • If I assume those are post variables from <form>.. then you should like $_POST['username'] Commented Mar 3, 2014 at 4:51
  • @ShankarDamodaran I mean how to make the module to authenticate the user using the custom 'username' and 'password1' and 'password2' instead of the standard 'login' and 'password' Commented Mar 3, 2014 at 4:58
  • @ShankarDamodaran With Laravel you'd use Input::get('name') not the global variable. Commented Mar 3, 2014 at 10:08

3 Answers 3

Reset to default
4

If you want to have the user matched with another credential/where clause, then simply pass it into the credentials array. For example:

<?php
$credentials = [
    'username' => Input::get('username'),
    'password' => Input::get('password'),
    'active'   => 1
];

if(Auth::attempt($credentials)) {
    // code here
}

If you wanted to check a confirm password, like the above suggestion, you'd want to check this first, before checking anything else, not after.

<?php
$validate = [
    'password' => Input::get('password'),
    'password_confirmation' => Input::get('password_confirmation')
];

$validator = Validator::make(
    $validate,
    ['password' => ['same:password_confirmation']]
);

// now you make a credentials array and attempt to auth
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

It's not same password, two different password fields with two different hashed values and one is uing md5.
@SheikhHeera where did you get this information from? I see no mention of this what so ever. It seems unfair to vote someone down for information that isn't anywhere. The original question is about adding extra fields to an auth call.
Read the comments, how to make the module to authenticate the user using the custom 'username' and 'password1' and 'password2' instead of the standard 'login' and 'password', I didn't encourage to do it but it was OP's need and I solved it another way and answer got accepted but yes I'll write about the best practices (Laravel) on my upcoming book on Laravel.
Everything aside, you have answered with several lines of code, when all of that could be simplified into my first block of code.
In my opinion this is the correct answer. Needed a slight edit but works like a charm for me. I think OP is needing this answer. At least, when someone googles this, right here is the correct answer to the question that is asked. If this is not the answer that OP was looking for, the question wasn't good.
|
0

You don't, instead you may try something like this:

$cred = array(
    'username' => Input::get('username'),
    'password' => Input::get('password1')
);

// At first normally check the credentials using validate method
// but doesn't login, if check succeeded then check the second
// password manually, using your encrypted password2 field
if(Auth::validate($cred)) {
    // Now check the password2, assumed you're using md5
    // hashing for this field (according to your question)
    $password2 = md5(Input::get('password2'));
    $user = User::where('username', $cred['username'])->first();
    if( $user->password2 == $password2) {
        // Now manually login the user
        Auth::login($user);
        return Redirect::to('url'); // successful login url
    }
    else{
        // Password2 missmatched
        $validator = Validator::make(array(), array())->getMessagebag();
        $validator->add('errorLogin', 'Invalid Credentials!');
        return Redirect::back()->withInput()->withError($validator);
    }
}
else {
    // Didn't pass even the first validation (username, password1)
    $validator = Validator::make(array(), array())->getMessagebag();
    $validator->add('errorLogin', 'Invalid Credentials!');
    return Redirect::back()->withInput()->withError($validator);
}

In the view you can use this to show error message on failed login:

{{ $errors->first('errorLogin') }} // Invalid Credentials!

For the first validate methos don't use any encryption, let Laravel do it as it does and for the second password you may use your own encryption.

Improve this answer

3 Comments

You always want to handle validation before touching the database. On top of that, if you're comparing passwords, you'd want to do Hash::check('password', 'hashofpassword'). This isn't required here though, as you can just do a same, THEN log the user in. I'd also like to add that attempting to get a user to supply their password twice to login, is a horrible idea.
@ollieread! Just read the question first and then see my answer. OP is using two different fields for password and he has one password saved in to database using md5 hash and another one using normal way, so he must use this things. At least you should have thought that, OP accepted it because it solved the problem. It's not about how to implement the full authentication but just to how can (s)he use two different password to authenticate a user, I omitted validation intentionally, just focused on the solution.
I think you'll find that the password was an example field. You can tell this by the fact that both password1 and password2 are using md5(). Also, you shouldn't authenticate a user using two different passwords and you most definitely should not use a plain md5. You're encouraging bad code. As stated in the initial question, it was how to use the Auth library while passing in another credential. Your answer is horrendously wrong.
0

You must send an array with username and password to the Auth::attempt method

You can fill those with whatever you need though, in your case it would be something like this:

$post = Input::all(); // I assume this is how you are filling the $post variable?
Auth::attempt(array('username' => $post['username'], 'password' => $post['password1']);

Note that you do not need to hash the password, the attempt method will handle that. You also do not need to send the second password along with it, it will completely ignore everything except 'username' and 'password'

Improve this answer

1 Comment

Actually it only requires 'password' and with not ignore everything else.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.