read http://laravel.com/docs/5.1/authentication#authenticating-users
if (Auth::attempt(['email' => $email, 'password' => $password])) {
// Authentication passed...
return redirect()->intended('dashboard');
}
or simply
$user = User::find(1);
Auth::login($user);
@astroanu Thank you very much.. sorry for bad english. I intent to create a web API app, in order to secure every API call, i want to create a simple authentication layer. I already read about this at the resource : http://laravel.com/docs/5.1/authentication#http-basic-authentication
this kind ( onceBasic ) of authentication method is fit my needs, but what i am trying to do is, i want to authenticate the email and password without checking in to my database, i want to hardcode that credential. I created a middleware and implemented OnceBasic, but it makes have to create User table that i really don't needed to.
so i am thinking how to create a middleware with similar Oncebasic method but without checking the credential into my database, but just validate it with hardcoded credential. But i really stuck, where and how i have to do this.
thank you for reply,
Regards,
vidyhermes
oh now i get it..
You can write the api without authentication. Ditch the user table. Add a password from server side (from apache). https://httpd.apache.org/docs/2.2/howto/auth.html "Authorization: Basic",
When you send a request to the api it will then ask for the password. When calling the API you can pass the password and the username required by apache using curl.. something like this http://stackoverflow.com/questions/20064271/how-to-use-basic-authorization-in-php-curl
This method will work for you unless you need to connect the user in session with the data you fetch from the API.
@astroanu, thank you very much. I already figure out how to solve this problem. I am still using the middleware i created, and make a little modification into this :
<?php
namespace App\Http\Middleware;
use Auth;
use Closure;
class MyAuth
{
public function handle($request, Closure $next)
{
if (!$this->basic_validate($request->header('PHP_AUTH_USER'), $request->header('PHP_AUTH_PW'))) {
$data = ['error' => ['message' => 'Not Found', 'status_code' => 404]];
return response()->json($data, 404, array(), JSON_PRETTY_PRINT);
}
return $next($request);
}
private function basic_validate($user, $password)
{
if ($user == 'vidy' && $password == 'pvidy') {
return true;
}
return false;
}
}
However i still needs some enhancement, i think laravel already provided really helpful way to solve my problem, but i still doesn't find out how, temporarily i am using this, because i need a quick solution to make a progress. But i hope someone kindly share with me.
thank you very much.
Regards,
vidyhermes
hmm..this would also work. however i guess you just need some sort of authentication (that is secure) that would work with the API request but, later you might use the actual user table to authenticate ?
then reconsider the above flow i described. That way if you later decide to authenticate with the User model you just need to remove the Basic Authentication from apache and add Basic Authentication from Laravel using a middleware. You won't need to change your client's code.
Also instead of returning a 404 which is "not found", it's good to send a 401 "Unauthorized" or a 403 "Forbidden"
@astroanu thank you my friend, yes indeed, if i need to use actual table later, i will make some changes at my routes.php, apply basic auth middleware into my route.
thank you my friend.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast