So, I'm trying to create a 'remember me' function in the login process in my Laravel application. I created a basic form with email, password and remember me checkbox as input, as can be seen below:
<div class="col-xs-0 col-sm-6 col-md-6 col-md-offset-3 col-sm-offset-3 col-cs-offset-5" id="content">
    {{ Form::open(['route' => 'sessions.store']) }}
    <div>
        {{ Form::label('email', 'Email:') }}
        {{ Form::email('email') }}
    </div>
    <div>
        {{ Form::label('password', 'Password:') }}
        {{ Form::password('password') }}
    </div>
    <div>
        {{ Form::label('remember', 'Remember me:') }}
        {{ Form::checkbox('remember', 'Remember-me') }}
    </div>
    <div>{{ Form::submit('login') }}</div>
    {{ Form::close() }}
</div>
This posts to the function below. But what happens right now, is that the user is always logged in with the true parameter. What am I doing wrong?
public function store()
{
    $email = Input::get('email');
    $password = Input::get('password');
    $remember = Input::get('remember');
    if ($remember == 'Remember-me') {
        if (Auth::attempt(array('email' => $email, 'password' => $password), true))
        {
            return Redirect::intended('/');
        }
        return Redirect::back()->withInput();
    } else {
        if (Auth::attempt(array('email' => $email, 'password' => $password)))
        {
            return Redirect::intended('/');
        }
        return Redirect::back()->withInput();
    }
}
Passing true as the third parameter of Auth::attempt will remember the login on success. Additionally your $remember check makes no sense because checkbox is supposed to represent a boolean value and Input::get returns it as either 1 or null which evaluates to true or false respectively.
What you probably want is this:
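public function store()
{
    // Only the credential fields are passed to the authentication attempt.
    $input = Input::only('email', 'password');
    // Value of the "remember" checkbox; null when the box is unchecked.
    $remember = Input::get('remember');
    if (Auth::attempt($input, $remember))
    {
        return Redirect::intended('/');
    }
    return Redirect::back()->withInput();
}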
One of the reasons remember me is hard to do right (and there are many) is that the first time someone logs in with the box checked they need to log in conventionally, and that triggers the storage that you are going to do, which allows them to log in without supplying their user name and password when they come back after their session has expired and they have closed their browser, etc. So the initial authentication must be totally normal except for the addition of the step where the storage for future login happens. The remember me box being checked plays no role in that initial authentication. Assuming you are going to store the data in a cookie, checking the box means that after successful authentication the cookie is created and the other logic that will be needed for remember me authentication is implemented (and I won't go into the issues around that).
Later when they come back they shouldn't need to check the box or anything like that, they should just be logged in. That's when the remember me functionality comes into play, however it is that you are implementing that.
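The two-step flow described in the answer above, sketched in plain PHP as an added example; it is not part of the original answer and not Laravel's own implementation. The RememberStore class, its in-memory array and the selector:validator cookie format are assumptions made for illustration, and hashing the stored token and rotating it on use go beyond what the answer spells out.

```php
<?php
// Added illustration: hypothetical names throughout, not Laravel code.
// An in-memory array stands in for a database table of remember tokens.
final class RememberStore
{
    private array $rows = [];   // selector => [user, hash, expires]

    // Step 1: called only AFTER a normal password login succeeded with the box checked.
    public function issue(int $userId, int $ttl = 1209600): string   // 14 days
    {
        $selector  = bin2hex(random_bytes(9));    // public lookup key
        $validator = bin2hex(random_bytes(32));   // secret half, stored only as a hash
        $this->rows[$selector] = [
            'user'    => $userId,
            'hash'    => hash('sha256', $validator),
            'expires' => time() + $ttl,
        ];
        return $selector . ':' . $validator;      // value to place in the cookie
    }

    // Step 2: called on a later visit when there is no session but the cookie exists.
    // Returns [userId, replacementCookie] on success, or null on any failure.
    public function redeem(string $cookie): ?array
    {
        $parts = explode(':', $cookie, 2);
        if (count($parts) !== 2 || !isset($this->rows[$parts[0]])) {
            return null;
        }
        [$selector, $validator] = $parts;
        $row = $this->rows[$selector];
        unset($this->rows[$selector]);            // single use: the old token dies either way
        if ($row['expires'] < time()
            || !hash_equals($row['hash'], hash('sha256', $validator))) {
            return null;
        }
        return [$row['user'], $this->issue($row['user'])];
    }
}

// Constructed walk-through.
$store  = new RememberStore();
$cookie = $store->issue(42);                      // password login, box checked
[$user, $next] = $store->redeem($cookie);         // later visit, session expired
var_dump($user === 42);                           // user restored without a password
var_dump($store->redeem($cookie) === null);       // replaying the old cookie
var_dump($store->redeem('bogus') === null);       // malformed cookie
```

In a real application the cookie carrying this value would be set with the Secure and HttpOnly flags, and the rows would live in a database table rather than in memory.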
This worked for me:
$remember = (Input::has('remember')) ? true : false;
The View looks like this:
<div class="field">
    <input type="checkbox" name="remember" id="remember" />
    <label for="remember">Remember me</label>
</div>
Off an old tutorial I don't know where I found, but it works.