$user = \App\User::where("name", $req->us)->firstOrFail();
then:
if(Hash::check($plain_text_password, $user->password)){
//add user to session
}
else{
//bad credentials
}
I'm aware of other methods available in Laravel, I'm asking about this specific situation.
There are two approaches.
Approach 1. You can add both username password in the where condition.
If the username and password not matching, The error message will be like "Invalid Username and password"
Approach 2. (Your approach). Get the user record from the user table using where("name", $req->us) and validate the password if(Hash::check($user->password, $user->password)). The advantage in this approach is you can show the error message like below.
You can use any approach and from a security perspective you can go with the approach 1.
Why not using following code since it is more cleaner approach to check if username exists in database and then login ?
// do validation
$validator = Validator::make($request->all(), [
'username' => 'required|exists:users',
'password' => 'required'
]);
if($validator->fails()) {
return redirect()->back()->withErrors($validator);
}
// try login using given credentials
if (Auth::attempt(['username' => $request->input('username'), 'password' => $request->input('password')])) {
// Authentication passed...
return redirect()->intended('dashboard');
}