问题
I am using Crypt:: for registration and login. My registration is successful but login is not successful. Please check the code and help me.
public function Login(Request $request)
{
$this->validate($request, [
'email' => 'required',
'password' => 'required',
]);
$userdata = array(
'email' => $request->email,
'password' => \Crypt::encrypt($request->password)
);
if (Auth::attempt($userdata) {
echo "success";die();
}
return "Ops! snap! seems like you provide an invalid login credentials";
}
回答1:
I have this problem before. I used Crypt Encryption because I need to display the password from encrypted to decrypted in laravel blade input element.
I deeply look at laravel references in projects and found a solution. In default laravel used HASH for encryption, since I used Crypt to Register and Login. When I try to Login this returns false. What I did is edited one laravel function located in
vendor\laravel\framework\src\Illuminate\Auth\EloquentServiceProvider.php
and change this function from these
public function validateCredentials(UserContract $user, array $credentials)
{
$plain = $credentials['password'];
return $this->hasher->check($plain, $user->getAuthPassword());
}
to these
public function validateCredentials(UserContract $user, array $credentials)
{
$plain = $credentials['password'];
return \Crypt::decrypt($user->getAuthPassword());
}
回答2:
Originial
You need to use Hashing, not Encryption.
Registration
...
$userdata = [
'email' => $request->email
'password' => Hash::make($request->password)
];
...
// User saved..
Login
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials) {
// It work
}
Ref :
- https://laravel.com/docs/5.6/authentication
- https://laravel.com/docs/5.6/hashing
Update
OP : I need to Crypt::decrypt to decode the password and send on email. Using hash i couldn't decode it. Thats the reason i need Crypt.
I really don't recommend it. That's why we have the "forgot password" feature to create new password.
Is it secure to store passwords with 2 way encryption?
Okay, back to the topic, How to login with Crypt encryption?
You need to add login() method in Auth\LoginController :
/**
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*
* @throws \Illuminate\Validation\ValidationException
*/
public function login(Request $request)
{
$decrypted = $request->input('password');
$user = User::where('email', $request->input('email'))->first();
if ($user) {
if (Crypt::decryptString($user->password) == $decrypted) {
Auth::login($user);
return $this->sendLoginResponse($request);
}
}
return $this->sendFailedLoginResponse($request);
}
WARNING!
All of Laravel's encrypted values are signed using a message authentication code (MAC) so that their underlying value can not be modified once encrypted.
You must have the same key. If you change the key (artisan key:generate), it means you will not be able to login.
I really don't recommend it.
来源:https://stackoverflow.com/questions/50891436/how-to-login-with-crypt-encryption-in-login-controller