SECURE LOGIN SYSTEM – PHP(LARAVEL) – 3

This is part 3 of our Secure Login System in Laravel, and as you expected, today we will cover the login module. If you missed part 1 and part 2, I recommend you go through those first. We have already completed the login view and routes; now we will implement the controller method. Our LoginController has two methods related to login: showLogin and storeLogin. showLogin displays the login form, and storeLogin receives the credentials to validate and authenticate a user. Our storeLogin method is below.

public function storeLogin() {
    $inputs = array('identity' => Input::get('identity'), 'password' => Input::get('password'));
    //Since the user can enter a username or an email, we cannot always apply the email validator
    $rules = array('identity' => 'required|min:4|max:32', 'password' => 'required|min:6');
 
    //Find out whether the identity is an email or a username and adjust the validation rules
    //filter_var with FILTER_VALIDATE_EMAIL does the check
    if (filter_var(Input::get('identity'), FILTER_VALIDATE_EMAIL)) {
        //It is an email
        $rules['identity'] = 'required|min:4|max:32|email';
    } else {
        //It is a username. Check if the username exists in the profile table
        if (Profile::where('username', Input::get('identity')) -> count() > 0) {
            //User exists, so get the email address
            $user = Profile::where('username', Input::get('identity')) -> first();
            $inputs['identity'] = $user -> email;
 
        } else {
            Session::flash('error_msg', 'User does not exist');
            return Redirect::to('/login') -> withInput(Input::except('password'));
        }
    }
 
    $v = Validator::make($inputs, $rules);
 
    if ($v -> fails()) {
        return Redirect::to('/login') -> withErrors($v) -> withInput(Input::except('password'));
    } else {
        try {
            //Try to authenticate user
            $user = Sentry::getUserProvider() -> findByLogin($inputs['identity']);
 
            $throttle = Sentry::getThrottleProvider() -> findByUserId($user -> id);
 
            $throttle -> check();
 
            //Authenticate user
            $credentials = array('email' => $inputs['identity'], 'password' => Input::get('password'));
 
            //Second argument is Sentry's "remember" flag; false means no persistent login
            $user = Sentry::authenticate($credentials, false);
 
            //At this point we may get many exceptions; let's handle all user management and throttle exceptions
        } catch (Cartalyst\Sentry\Users\LoginRequiredException $e) {
            Session::flash('error_msg', 'Login field is required.');
            return Redirect::to('/login');
        } catch (Cartalyst\Sentry\Users\PasswordRequiredException $e) {
            Session::flash('error_msg', 'Password field is required.');
            return Redirect::to('/login');
        } catch (Cartalyst\Sentry\Users\WrongPasswordException $e) {
            Session::flash('error_msg', 'Wrong password, try again.');
            return Redirect::to('/login');
        } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
            Session::flash('error_msg', 'User was not found.');
            return Redirect::to('/login');
        } catch (Cartalyst\Sentry\Users\UserNotActivatedException $e) {
            Session::flash('error_msg', 'User is not activated.');
            return Redirect::to('/login');
        } catch (Cartalyst\Sentry\Throttling\UserSuspendedException $e) {
            Session::flash('error_msg', 'User is suspended ');
            return Redirect::to('/login');
        } catch (Cartalyst\Sentry\Throttling\UserBannedException $e) {
            Session::flash('error_msg', 'User is banned.');
            return Redirect::to('/login');
        }
 
        Session::flash('success_msg', 'Loggedin Successfully');
        return Redirect::to('/');
 
    }
 
}

Our storeLogin method takes a username or email address, determines which of the two the user entered, then validates the fields and authenticates the user. Since we have a login, a logout is also necessary, so we add a new method to our LoginController for the logout functionality.
Controllers/LoginController.php

public function getLogout() {
    Sentry::logout();
    return Redirect::to('/login');
}

That's simple. Where should we put the logout button? In the dashboard? Yes, let's put the logout button in the Dashboard view.

index.blade.php

We are in DASHBOARD
<a href="/logout"> Logout</a>

We are done with our storeLogin method. Now, if you enter a correct email and password, you will be redirected to the index view and presented with a logout button. If you enter wrong details, validation errors will be shown as below.

Login Error
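
The messages flashed by storeLogin ('User does not exist', 'Wrong password, try again.', 'User is suspended ') tell a visitor whether a given account exists. The following is an added example, not part of the original post, that returns one public message for every failure and keeps the specific reason in a server-side log line; the stand-in exception classes, `loginFailure` and `LOGIN_FAILED_MSG` are hypothetical names.

```php
<?php
// Added example, not code from the original post.
// Stand-in exception classes (constructed) so this file runs without Laravel
// or Sentry; in the controller the Cartalyst\Sentry exceptions take their place.
class WrongPasswordException extends Exception {}
class UserNotFoundException extends Exception {}
class UserNotActivatedException extends Exception {}
class UserSuspendedException extends Exception {}
class UserBannedException extends Exception {}

// Hypothetical constant: the only failure text a visitor ever sees.
const LOGIN_FAILED_MSG = 'Login failed. Check your details or try again later.';

/**
 * Hypothetical helper: turn a login failure into
 *   'public' => text for Session::flash('error_msg', ...)
 *   'log'    => detailed line for the server-side log only
 */
function loginFailure(Exception $e, $identity, $ip)
{
    // Use the short class name so namespaced exceptions map the same way.
    $parts  = explode('\\', get_class($e));
    $reason = end($parts);

    // Remove control characters so a crafted identity cannot forge log lines.
    $safeIdentity = preg_replace('/[\x00-\x1F\x7F]/', '', $identity);

    return array(
        'public' => LOGIN_FAILED_MSG,
        'log'    => sprintf('login_failed reason=%s identity="%s" ip=%s',
                            $reason, addcslashes($safeIdentity, '"\\'), $ip),
    );
}

// Constructed sample failures: an unknown account, a known one, and an
// identity carrying an embedded newline.
$samples = array(
    array(new UserNotFoundException(),  'nobody@example.com'),
    array(new WrongPasswordException(), 'alice@example.com'),
    array(new UserSuspendedException(), "alice@example.com\nlogin_ok user=admin"),
);
foreach ($samples as $s) {
    $r = loginFailure($s[0], $s[1], '203.0.113.7');
    echo $r['public'], ' | ', $r['log'], PHP_EOL;
}
```

The username lookup branch in storeLogin, which flashes 'User does not exist' before Sentry is called, needs the same public message for the responses to stay indistinguishable.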

We are almost done. The remaining pieces are forgot password and new password. In the next post, we will complete our forgot password and new password modules.

Thanks
KodeInfo

admin

http://www.kodeinfo.com
Imran is a web developer and consultant from India. He is the founder of KodeInfo, the PHP and Laravel Community . In the meantime he follows other projects, works as a freelance backend consultant for PHP applications and studies IT Engineering . He loves to learn new things, not only about PHP or development but everything.
