0

I would like to manually authenticate the users in my company. The issue is that, I have 2 tables, called Student and Staff in the Oracle database.

As for the Student table, I get the idea of overriding the built in Auth method provided through the auth scaffolding command as the username and password are stored right into the table.

As for the Staff table, the password is stored a different column/table and encrypted using a stored procedure/package so the only way to get the user validation is by calling the package which only returns 0 or 1 only.

What I have done,

I wrote my own Routes, and added my own functions in LoginController.

public function loginStaff(Request $req){
    $username = Str::upper($req->input('username'));
    $password = $req->input('password');

    $users = PortalUser::where('ID', $username)->firstOrFail();

    if ($users->user_type == 'STAFF'){

       $queryResult = DB::select('select PACKAGE.validStaff(?,?) from dual',[$username, $password]);

       if($queryResult == 1){

              //this is where I would like to auth the user.
              //using Auth::Attempt and Auth::Login will only run the default query
       }

}

I have successfully returned value of 1 and 0 in the controller.

So is there anything that I am missing? Or should I manually set the session by myself using the session() method?

Thank you.

Improve this question

2 Answers 2

Reset to default
1

If you want to manually authenticate users, you can easily use sessions. Have the following code as reference:

//this is where I would like to auth the user.
//using Auth::Attempt and Auth::Login will only run the default query

// typically you store it using the user ID, but you can modify the session using other values.     
session()->put('user_id', user id from database here);

And if you want to check whether user is authenticated, modify RedirectIfAuthenticated middleware to this:

<?php

namespace App\Http\Middleware;

use App\Providers\RouteServiceProvider;
use Closure;
use Illuminate\Support\Facades\Auth;

class RedirectIfAuthenticated
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        if (session()->has('user_id')) {
            return redirect(  custom path here );
        }

        return $next($request);
    }
}

When you want to logout the user, simply destroy the session key

session()->forget('user_id');

**Note: ** many broadcasting and addons use Laravel's authentication system (Guards) and you may need to hook into their code if you want to use them with your custom auth system

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Looks promising! I have been thinking on manually use session the usual php way for a few days but looking through the base codes in laravel auth makes me thinking will I miss any useful features from it. Do you think I would need guards in my case? Btw I wouldn't be able to use features like Auth::check right?
Are you planning on using broadcasters or APIs for your application?
I do actually. Not right now but we have some current apps(will be migrated to this laravel base) that will benefit a lot from the broadcasting features. Also the APIs are a must though, as we have multiple other apps on a different platforms. I hope there is a workaround though.
I think you should wait for another better answer :)
Cool thanks. I will try your method tomorrow back at the office and report back. For now it seems the only way for my case.
|
1

Laravel provides Custom Session Drivers which you can use to create or delete your sessions

<?php

namespace App\Extensions;

class MongoSessionHandler implements \SessionHandlerInterface
{
    public function open($savePath, $sessionName) {}
    public function close() {}
    public function read($sessionId) {}
    public function write($sessionId, $data) {}
    public function destroy($sessionId) {}
    public function gc($lifetime) {}
}

Hope it helps, if not then comment down below. Will help you out.

###### Update #######

I think then you do have to make custom HTTP sessions from Laravel

Step 1: Create another table in your database for session, like this;

Schema::create('sessions', function ($table) {
    $table->string('id')->unique();
    $table->unsignedInteger('user_id')->nullable();
    $table->string('ip_address', 45)->nullable();
    $table->text('user_agent')->nullable();
    $table->text('payload');
    $table->integer('last_activity');
});

Step 2: Store data in the session, you will typically use the put method or the session helper;

// Via a request instance...
$request->session()->put('key', 'value');

// Via the global helper...
session(['key' => 'value']);

Step 3: Get the key for specific user when your function returns 1

$value = $request->session()->get('key', function () {
    return 'default';
});

Step 4: Delete the session, after some time you need to delete the session for security reasons then you can do.

$value = $request->session()->pull('key', 'default');
Improve this answer

2 Comments

Sound nice. But I see the name MongoDB there. Is there something like this for Oracle? Can't seem to find it on Google.
You can follow the other answer in your post but if you are looking to have a Facebook type session (which lets you logged in) then you should add session in a separate table. Also, note to add expiry for session after a certain date or time, it is a good practice.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.