I can not do Laravel Authentication 5.2

2

I've been trying to authenticate for some time and I can not, I'm a beginner in the business, who wants to help me know that it's practically saving my life, since I've thought about giving up on it several times.

I'm calling a controller method via the login form ./

View:

{{Form::open(array('action' => 'UsuarioController@Login', 'method' => 'POST'))}}

In the controller I am setting a variable and searching the database if the login is entered according to the table login field, then I check if the login and password returns true to redirect the desired view, otherwise the login view returns . /

Controller:

class UsuarioController extends Controller
{
    public function Login(Request $request)
    {
        $usuario = UsuarioEsic::where('login','=',$request->get('login'))->first();

        if ($usuario && $usuario->senha)      {

            Auth::login($usuario);

            return view('e_sic.usuario.esic_content');   

        } else { 
           return view('e_sic.inicio.esic_conteudo'); 
        }

    }
}

Model:

    class UsuarioEsic extends Model
{
    protected $table = 'usuario_esic';
    public $timestamps = false;
    public static $snakeAttributes = false;
    protected $dates = ['dataNasc'];
}

Note: I did not really understand the route of the routes using auth, I thought I was doing the right thing according to the tutorials I saw.

Route:

Route::group(['middleware' => 'auth'], function(){
    Route::auth();
    Route::post('/Login', 'UsuarioController@Login');
});

Auth.php:

'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => Portal\Entity\Local\UsuarioEsic::class,
        ],

AuthController:

protected $redirectTo = 'Esic/Conteudo';

Every time I try to log in it says that the page was not found and redirects me to the url I have or did not type anything in the login form.

I have already researched several topics in various forums, I have already seen videos and read tutorials about it and I still can not make progress on it, I know how difficult it is to learn things, but here I am asking you to ask someone with a good heart to lose a little of your time teaching me / explaining how I make it work perfectly, please! Thank you in advance.

Note: Any questions about the code I'm willing to pass on any information!

    
asked by anonymous 07.06.2016 / 15:42

1 answer

3

Basically what I could notice in your code has up to security errors in the authentication part, because:

A% base is made on the basis and compares true & true in this line ( select and has to authenticate without checking, this is a security failure everyone will log in to your site and already seen what happens.

A basic authentication would be with a method like this:

public function auth(Request $request)
{

    $values = $request->values();

    if (Auth::attempt($values, false))
    {    
        return redirect()->intended('admin/');
    }

    return 'error';

}

In this if ($usuario && $usuario->senha) comes two information : $request and email and in this method of password it checks if the user exists, if yes, authenticates the user giving permission to use the if you do not give a error message message at this time you can work the Invalid Login information and so on.

In the route part it works like this: (depends a lot on the logic used)

Example: Auth::attempt

Route::group(['middleware' => ['web'], 'namespace' => 'Admin'], function ()
{
 Route::get('/admin/login', ['as'=>'admin.login','uses'=>'LoginController@index']);
 Route::post('/admin/auth', ['as'=>'admin.auth','uses'=>'LoginController@auth']);
});

Example: Route Login

Route::group(['middleware' => ['web', 'auth'], 'namespace' => 'Admin'], function ()
{
    //CREDIT
    Route::get('/admin/credit', ['as' => 'credit', 'uses' => 'CreditController@index']);
    ...
});

That is, in login routes can not have Route que vai utilizar a autenticação that checks if any users are logged in, other routes that require authentication have been added auth

You can also configure Middleware auth

class Authenticate
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        if (Auth::guard($guard)->guest())
        {
            if ($request->ajax() || $request->wantsJson())
            {
                return response('Unauthorized.', 401);
            }
            else
            {
                return redirect()->guest('admin/login');
            }
        }
        return $next($request);
    }
}

Your authentication redirect: Authenticate , in my case it is admin / login .

    
07.06.2016 / 17:59