I am trying out the Jeffrey Way Authentication Essentials Tutorial on Laravel 4, but I am getting not the same results. (https://www.youtube.com/watch?v=msEwmVZ4wp4)

When I check for dd($attempt), I always get false, even if I logged in with the right credentials.

Please someone tell me, where I am going wrong. I already google a lot, and some people claim, that the password needs to be hashed, and I hash it, before putting it into the database, but there must still be an error somewhere else.

Here is my code: http://help.laravel.io/faff81e66d3672cb96d5ae2f8d0cccbf2e7f9052

Also here the most important pieces of code:

My View with the form: create.blade.php

Login

{{ Form::open(array('route' => 'sessions.store')) }}

    <ul>
        <li>
            {{ Form::label('email', 'Email:')}}
            {{ Form::text('email')}}
        </li>
        <li>
            {{ Form::label('password', 'Password:')}}
            {{ Form::password('password')}}
        </li>
        <li>
            {{ Form::submit() }}
        </li>
    </ul>

{{ Form::close() }}

And my SessionsController.php

public function create()
{
    //
    $users = User::all();

    return View::make('sessions.create')
        ->with('users', $users);
}

/**
 * Store a newly created resource in storage.
 *
 * @return Response
 */
public function store()
{
    // validate

    $input = Input::all();

    $attempt = Auth::attempt([
        'email' => $input['email'],
        'password' => $input['password']
    ]);

    dd($attempt);

    // if($attempt) {
    //  return Redirect::intended('/');
    // } else {
    //  return 'whatever bro';
    // };

    // dd('problem');
}

Here is a screenshot of my database: http://i.imgur.com/sTGQu39.jpg

I expect the boolean of dd($attempt) to be correct, if I type in the correct login credentials, but it always shows as false.

Please can someone correct my code :)

Kind regards,

George

From the screenshot of your database I can see that you are not hashing password before storing it in the database. The Auth::attempt function consider that your password is hashed so it apply Hash::make to the given password and then compare it with the one stored in the database.

To make your code work, when registering a user you should use the Hash::make function before storing the password:

 $password = Hash::make($input['password']);
 $user->password = $password;
 $user->save(); 

Take a look on the documentation http://laravel.com/docs/security

The problem is really the hashing of the password.

For anyone stumbling uppon the same problem, change your Seeder to this:

 // Composer: "fzaninotto/faker": "v1.3.0"
 use Faker\Factory as Faker;

 class UsersTableSeeder extends Seeder {

public function run()
{
    $faker = Faker::create();

    foreach(range(1, 10) as $index)
    {
        User::create([
            'username' => $faker->name,
            'email' => $faker->email,
            'password' => Hash::make('1234')
        ]);
    }
}

 }

In previous attempts, I just try to seed, but no in the above mentioned way. Nonetheless. Hope somebody has more luck with finding this answer, if it helps.