How to extend auth in Laravel?

StackOverflow https://stackoverflow.com/questions/23564685

  •  18-07-2023
  •  | 
  •  

Question

I have a project with already existing database with users which is slightly different from that scheme Laravel is using. So i need to extend credentials selecting from db and checking function. Basically i need to get username and password from the web, encode it with base64 and check this in db. I manage to find some info here http://laravel.com/docs/extending#authentication, but was not able to understand code for extend.

Was it helpful?

Solution

You have a huge security problem by encoding your password with base64.

Extending Auth (Guard) can be tricky, but if you need something that simple, you can do the auth yourself easily:

$user = User::where('username', Input::get('username'))->first();

if( $user && $user->password == base64_decode(Input::get('password')) )
{
    Auth::login($user); /// will log the user in for you

    return Redirect::intended('dashboard');
}
else
{
   /// User not found or wrong password
}

Laravel doesn't really mind what your user model is, you can do it with whatever table you want.

Anyway I advise you to rehash your passwords as soon your user logs in:

if (Auth::attempt(array('email' => Input::get('email'), 'password' => Input::get('password'))))
{
    return Redirect::intended('dashboard');
}
else
{
    $user = User::where('email', Input::get('email'))->first();

    if( $user && $user->password == md5(Input::get('password')) )
    {
        $user->password = Hash::make(Input::get('password'));

        $user->save();

        Auth::login($user);

        return Redirect::intended('dashboard');
    }

}

The only requirement is that your User (or whatever you call it) model implements \Illuminate\Auth\UserInterface and implement the methods it uses to get the correct data:

class Customer implements Illuminate\Auth\UserInterface extends Eloquent {

    public function getAuthIdentifier()
    {
        return 'Username';
    }

    public function getAuthPassword()
    {
        return $this->Password;
    }

    public function getRememberToken()
    {
        /// this must be implemented to Laravel knows what your data is
    }

    public function setRememberToken($value)
    {
        /// this must be implemented to Laravel knows what your data is
    }

    public function getRememberTokenName()
    {
        /// this must be implemented to Laravel knows what your data is
    }

}

What you basically have to do is to reproduce Laravel's User model, changing what you need to change to make it work with your own database table: https://github.com/laravel/laravel/blob/master/app/models/User.php

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top