Using Multiple tables for authentication in laravel

Published

Estimated Reading Time: 2 minutes

Laravel provides a good authentication handler with the Auth class. To authenticate a user attempting to log in, we use the attempt method like so:

<?php
if (Auth::attempt(array('email' => $email, 'password' => $password)))
{
    return Redirect::intended('dashboard');
}
?>

That’s just as it is in the docs. But this checks against the users table which is fine because most apps have a users table for authentication. I’ve never had a need to build something requiring more tables for authentication but I had someone requesting for a solution to this and I was really interested in getting this to work.

If you don’t already have a helpers file, create one. I made this neat little facade-style function for you to replace with Auth::attempt.

<?php
class Hack{
	/**
	* @author 	Joseph Rex
	* @since 	12/09/2014
	* @param 	array 	format: array('database'=>'database_for_query','username'=>'username_or_email','password'=>'password')
	* @return 	bool
	*/
	public static function verify(array $auth = array()){
		$fields = array_keys($auth);
		// Now we will use eloquent to immitate this DB::where(email, 'email')
		$model = ucfirst( strtolower( substr($auth[$fields[0]], 0, -1) ) );
		$fetch = $model::where( $fields[1], $auth[$fields[1]] )->first();
		if( ($fetch == NULL) || (count($auth) !== 3) ):
			return false;
		elseif( crypt($auth[$fields[2]], $fetch->password) == $fetch->password ):
			Session::put('id', $fetch->id);
			return true;
		else:
			return false;
		endif;
	}
}
?>

The function is self-explanatory. It checks if the user exists in the database using the fields you provide as key for the validation function. If the user exists, it fetches the user details which includes the password and id. This part requires that you should have a model for the table you are validating as it uses eloquent ORM.

The password is checked for validity and if it passes, the pooled id from the database is used to create a session id for the user. It is used like so:

<?php
if (Hack::verify(array('database' => 'users' ,'email' => $email, 'password' => $password)))
{
    return Redirect::intended('dashboard');
}
?>

Did I forget to mention? The first argument is the name of the database you want to authenticate, making it more flexible.

show comments