I have implemented Database seeder to seed in user (default) credentials.
Admin::create(['name' => 'Super Admin', 'email' => 'admin#demo.in', 'password' => bcrypt('password') ]);
After running seed, I got success message. But when I try to make login, it says your credential are not matching. Is there any particular reason for this. Can't we seed user data with bcrypt??
If we talk about the default AuthController of Laravel 5 obviously no you can't:
protected function create(array $data)
{
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
}
If you have a look at the create() function you can see that the data submitted as password is automatically bcrypted. So if you bcrypt the password too it is bcrypted a second time.
Alright, some key points :
If you're using the User model for seeding, make sure that you'r not
hashing the password twice that could happen if you have a mutator
set in your model for the password column.
Be aware of your saved passwords in the browser, prefer writing
explicitly your username and password (in this case).
Finally check if there is no typo in your username/email or password. (that was my case 🤦♂️)
I inserted the data into my user table from my seeder as so:
DB::table('users')->insert([
'Email' => 'admin#QualityBooks.co.nz',
'Name' => 'Administrator',
'PhoneNumber' => '00000',
'Password' => bcrypt('P#ssw0rd'),
'isEnabled' => true,
'isAdmin' => true
]);
This works for me and I am able to log in while using the default auth controller.
Related
I am using CakePHP for a school project where a filled in database is given to you.
Users are required to login by a username / password which I already made. The problem however, users in the database have an unencrypted password which I want to authenticate them with.
I can't find any way to disable the password hash check. I tried specifying a fallback password hasher like this.
$authenticationService->loadIdentifier('Authentication.Password', [
'fields' => [
'username' => 'username',
'password' => 'password',
],
'passwordHasher' => [
'className' => 'Authentication.Fallback',
'hashers' => [
'Authentication.Default',
[
'className' => 'Authentication.Legacy',
'hashType' => 'md5',
'salt' => false
],
]
]
]);
But I can't find any way to disable the 'hashType'.
I ended up not disabling password hashing, but using a fallback method as the one in my question.
I hashed all the passwords in my database with sha1 by using a SQL Query. (sha1 isn't secure, but that was not required in my case).
When a user logs in, CakePHP checks if the password has to be upgraded to a more secure hash and does so if required.
(More info on CakePHP hashers/upgrading can be found here: https://book.cakephp.org/authentication/2/en/password-hashers.html)
I am using laravel's default login and registration. I have successfully set up authentication, however I would like to send user's username and password to the emails they used during registration. How can I achieve this?
You can initiate a mail to user after you validated input received and before your create functions of your register controller present in
$email = new UserRegisterData(new User(['password' => $user->password, 'name' => $user->name]));
To do this you need to rewrite
protected function validator(array $data)
function in your register controller and modify that with this mail. as
protected function validator(array $data)
{
$email = new UserRegisterData(new User(['password' => $user->password, 'name' => $user->name]));
return Validator::make($data, [
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:customers',
'password' => 'required|min:6|confirmed',
]);
}
once you hashed your password in create function, i think it can't be read. Also check if any security issue it may generate. Also you need to create mail as 'UserRegisterData' and add necessary code in it.
No user is currently logged in. Why after I create a user using a User::create() model (my application registration) which extends Eloquent does Auth say that the created user is now logged in?
var_dump(Auth::user());
$user = User::create(array(
'username' => Input::get('username'),
'email' => Input::get('email'),
'password' => Hash::make(Input::get('password'))
));
var_dump(Auth::user());
outputs:
null
object(User)[204]
protected 'table' => string 'users' (length=5)
protected 'fillable' =>
array (size=5)
0 => string 'username' (length=8)
Is this something related to the interfaces? How do I disable this? Incredibly annoying...
It seems I wasnt destroying any current sessions. The solution is to run Auth::logout() before creating the user.
I'm pretty new to drupal, so bear with me if I'm not using correct terms.
I'm trying to give a stupidly basic application access to a drupal url - this application cannot do any complicated authentication.
Otherwise, this drupal system needs authentication and all other menu hooks use 'access arguments' => array('access content')
Even before looking a solution for easy authentication method with drupal like http://user:password#server.com/awesome/member/12345, I've tried just giving anonymous access with the following code block in a drupal .module file
function awesome_module_menu() {
$items['awesome/member/%'] = array(
'title' => 'Awesome member',
'type' => MENU_NORMAL_ITEM,
'page callback' => 'aw_memberdata_fetch',
'delivery callback' => 'aw_memberdata_deliver',
'access arguments' => TRUE // this supposedly should allow anonymous access - from the web
);
return $items;
}
I have these two functions, one to fetch the data, one to show it:
function aw_memberdata_fetch(memberId)
{
//fetch array of objects from DB
...
return $items;
}
function aw_memberdata_deliver($items)
{
switch(arg(3)) //format, comes after items
{
case 'json':
drupal_json_output($items);
break;
default:
$output = makeHtml($items); //makes HTML
drupal_deliver_html_page($output);
}
}
With an authenticated browser, this works as intented. From a browser with no auth cookie I'm allowed to see the HTML, but the results are not there, it's like the page callback function doesn't run for anon users, but delivery callback does.
How do I make this work for anon users?
You are using access arguments with the default user_access function for permission verification. This will basically call user_access(true) which will return
true for authenticated user (you are probably testing with the administrator account (uid = 1)) which bypasses the verification check. Administrator has full privileges.
false for anonymous users because the string value of the first argument passed to the user_access true doesn't exist as a permission setting.
You should use either use
a custom YOURMODULE_access hook which does the permission verification
declare custom permissions for your module (YOURMODULE_permission hook)
don't use permission verification by using 'access callback' => true which gives access to anonymous and authenticated users
function awesome_module_menu() {
$items['awesome/member/%'] = array(
'title' => 'Awesome member',
'type' => MENU_NORMAL_ITEM,
'page callback' => 'aw_memberdata_fetch',
'delivery callback' => 'aw_memberdata_deliver',
'access callback' => true,
);
return $items;
}
i have working joomla project (domain.kz).
and i need to build new independent project on subdomain (newapp.domain.kz)
but i want to use joomla user table. (to let user auth with joomla logins)
can i declare in user model the joomla jos_users fields
is it possible to use 2 DB (old one for auth, the new one for new app)
Create a new database config in app/config/database.php, then create your model as normal:
var $joomla_connection = array('driver' => 'mysql',
'persistent' => false,
'host' => 'localhost',
'login' => 'root',
'password' => 'password!',
'database' => 'joomla_db',
'prefix' => 'jos_'); // I think this is correct
class User extends AppModel {
var $name = 'User';
var $useDbConfig = 'joomla_connection';
//your code here
//....
}
you will might experience problems with Auth when you login with the "security_salt" and "cipher" from cake against the user login data, that are created through joomla.
if Joomla saves md5 encrypted passwords you can modify cakestandard encryption with this:
change hash function - cake cookbook