Authentication
Many applications will want a layer of Authentication. If you are writing a blog, you don’t want
your readers to be able to post new topics. If you’re working with some sensitive data, you don’t
want unauthorised users accessing it.
Fortunately, Laravel has a simple, secure, and highly customisable Authentication class. Let’s
take a look at how we can interact with it.
14.1 Setup
Before we begin you are going to need to create a new table to store our user details. We can name
this table whatever we like, but if we name it users we won’t have to change the Authentication’s
configuration file. Here’s how to create a suitable table with the Schema Builder.
<?php

Schema::create('users', function($table) {
    $table->increments('id');
    $table->string('username', 128);
    $table->string('password', 64);
});
You can add as many additional fields as you like, but this will get us going. Let’s also create a
sample user that we can use to test the authentication process. First I should explain how the
Hash class works.
You can use the Hash class to hash a password using the highly secure bcrypt algorithm. It’s
very simple to use; here is an example.
<?php

$pass = Hash::make('my_password_string');
In the above snippet we create a bcrypt hash out of our password. Storing the hash in the
database instead of the plain text password offers our users some extra security. You will find
this is common practice with web applications.
If you would like to compare a hashed password with a value, simply use the check() method.
For example:
<?php

Hash::check('my_pass', $pass);
This will return a boolean result: true on a successful match, and false on failure. Now that we
know how to hash a password, we can create our sample user. I am going to call him Dexter.
You see, I am watching the TV show Dexter while writing this chapter. It’s great to write with
background noise; try it with coding, it really works! Onwards to Dexter...
<?php

DB::table('users')->insert(array(
    'username' => 'Dexter',
    'password' => Hash::make('knife')
));
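To see what a bcrypt hash stored in the password column looks like and how a check against it behaves, here is an added example that is not from the book or from Laravel's code. It assumes PHP 5.5+ and uses PHP's built-in password_hash() and password_verify() rather than the Hash class; the verify_and_upgrade() helper and the cost values are hypothetical.

```php
<?php
// Added example: plain PHP password API, not Laravel's Hash class.
// 'knife' is the sample password of the Dexter user created above.
$password = 'knife';

// bcrypt picks a fresh random salt on every call, so hashing the same
// password twice gives two different strings. A bcrypt hash string is
// 60 characters long, so it fits the 64-character password column.
$first  = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
$second = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
var_dump($first === $second);
var_dump(strlen($first));

// The salt and cost are embedded in the hash string, so a check needs only
// the candidate password and the stored hash. Matching is case-sensitive.
var_dump(password_verify('knife', $first));
var_dump(password_verify('knife', $second));
var_dump(password_verify('Knife', $first));

// The stored string is self-describing: algorithm and cost can be read back.
$info = password_get_info($first);
echo $info['algoName'], ' cost=', $info['options']['cost'], "\n";

// Hypothetical helper: verify a login attempt and, when the stored hash was
// made with a lower cost than current policy, return a replacement hash to
// save. This is only possible at login, when the plain text is available.
function verify_and_upgrade($candidate, $storedHash, $targetCost)
{
    if (!password_verify($candidate, $storedHash)) {
        return array(false, $storedHash);
    }
    $options = array('cost' => $targetCost);
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)) {
        $storedHash = password_hash($candidate, PASSWORD_BCRYPT, $options);
    }
    return array(true, $storedHash);
}

list($ok, $newHash) = verify_and_upgrade('knife', $first, 12);
var_dump($ok);
var_dump($newHash !== $first);
```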
Now we must choose which of the default authentication drivers we wish to use. We have the
choice of ‘eloquent’ or ‘fluent’.
The ‘fluent’ driver will use Fluent to interact with the database, and return an object representing
the user table’s row when we call Auth::user(). The ‘eloquent’ driver will return an Eloquent
model representing the user instead.
Configuration for authentication driver, table or object name, and field names can all be found
within ‘application/config/auth.php’.
<?php

return array(

    'driver' => 'eloquent',

    'username' => 'email',

    'model' => 'User',

    'table' => 'users',
);
Let’s change ‘driver’ to fluent to use the fluent query builder as the authentication driver, and
change the ‘username’ config item to ‘username’ so that we can log our users into our application
using their username rather than an email address.
<?php

return array(

    'driver' => 'fluent',

    'username' => 'username',

    'model' => 'User',

    'table' => 'users',
);