Auth::instance returning false when logging a user in

Question

I am creating a new user and then trying to log them in, the user is saved in the database and their role is also saved. Although I never hit the redirect to say they have been logged in. I have debugged the Auth::Instance->login and I get back FALSE

public function action_index()
{

    $view = View::factory('index/home');

    if( Request::current()->post() ):
        $post = $_POST;

        try {
            $user = ORM::factory('User');

            $user->username = $post['username'];
            $user->password = $post["password"];
            $user->email = $post["email"];
            $user->logins = +1;
            $user->save();


            if ($user->saved() ):
                $user->add('roles', ORM::factory('Role')->where('name', '=', 'login')->find());


                $logged_in = Auth::instance()->login($post['username'], $post['password']); 

                echo Debug::vars($logged_in); exit;                 

                if ($logged_in):
                    HTTP::redirect("/dashboard/");  
                endif;

            endif;  

        } catch (Exception $e) {
            echo Debug::vars($e); exit;
        }
    endif;

    $index_page = $view->render();  
    $this->response->body($index_page);         
}

Config

return array(

'driver'       => 'ORM',
'hash_method'  => 'sha256',
'hash_key'     => 'bernardo',
'lifetime'     => 1209600,
'session_type' => Session::$default,
'session_key'  => 'auth_user',

);

Could it be something is going wrong with the password while hashing?

Answer 1

You are storing the password in plaintext in the database (unless you apply a filter of some kind). Try the following:

$user->password = Auth::instance()->hash($post["password"]);

This will make sure the password is hashed before storage. Auth will hash the password before comparing it to the values in the database.