我尝试对我的登录页面使用 auth::attempt() 。但 auth::attempt() 总是返回 false。我尝试了旧的 stackoverflow 帖子中可用的所有其他方法,但仍然找不到正确的解决方案。我是 Laravel 新手,想知道如何在不使用 Laravel 身份验证的情况下检查“电子邮件”和“密码”是否与用户表中的任何记录匹配?
用户.php
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Notifications\Notifiable;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
class users extends Authenticatable
{
use Notifiable;
protected $fillable = ['name', 'username', 'password', 'email',];
}
登录.blade.php
<!DOCTYPE html>
<html>
<head>
<title>SUST ONLINE EXAM - Student Login</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"/>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<style type="text/css">
.box{
width:600px;
margin:0 auto;
border:1px solid #ccc;
}
</style>
</head>
<body>
<br />
<div class="container box">
<h3 align="center">STUDENT LOGIN!</h3><br />
@if(isset(Auth::user()->email))
<script>window.location="/student";</script>
@endif
@if ($message = Session::get('error'))
<div class="alert alert-danger alert-block">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>{{ $message }}</strong>
</div>
@endif
@if (count($errors) > 0)
<div class="alert alert-danger">
<ul>
@foreach($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div>
@endif
<form method="post" action="{{ url('/student') }}">
{{ csrf_field() }}
<div class="form-group">
<label>Enter Email</label>
<input type="email" name="email" class="form-control" />
</div>
<div class="form-group">
<label>Enter Password</label>
<input type="password" name="password" id="p1" class="form-control" />
</div>
<div class="form-group">
<input type="submit" name="login" class="btn btn-primary" value="Login" />
</div>
</form>
</div>
<!--
@foreach($data as $value)
<table>
<tr>
<td> {{ $value->email }} </td>
<td> {{ $value->password }} </td>
</tr>
</table>
@endforeach
-->
</body>
</html>
web.php
<?php
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/
Route::get('/', function () {
return view('index');
});
Route::get('/welcome', function () {
return view('index');
});
Route::get('/register', function () {
return view('registration');
});
Route::get('/student', function () {
return view('studentRegistration');
});
Route::get('/create-exam', function () {
return view('createExam');
});
Route::get('/login', function () {
return view('login');
});
Route::get('/login', 'Controller@getdata');
Route::post('/student', 'Controller@checklogin');
//Route::get('/logout', 'LoginController1@logout');
//Route::get('/student', 'LoginController1@successlogin');
Route::post('/insert', 'Controller@insert');
//Auth::routes();
//Route::get('/home', 'HomeController@index')->name('home');
控制器.php
<?php
namespace App\Http\Controllers;
use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Routing\Controller as BaseController;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Input;
use DB;
use Auth;
use Validator;
use Hash;
use App\users;
class Controller extends BaseController
{
use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
function insert(Request $req)
{
$this->validate($req, [
'name' => 'required',
'username' => 'required',
'password' => 'required',
'email' => 'required'
]);
$Name = $req->input('name');
$Username = $req->input('username');
$Password = $req->input('password');
$Password = Hash::make('password');
$Email = $req->input('email');
DB::table("users")->insert(["name"=>$Name,"username"=>$Username,"password"=>$Password,"email"=>$Email]
);
// DB::table('users')->insert($data);
echo "user inserted";
}
function checklogin(Request $request)
{
$this->validate($request, [
'email' => 'required|email',
'password' => 'required|min:3'
]);
$auth = array(
'email'=>$request->get('email'),
'password'=> $request->get('password'));
//dd($auth);
if(Auth::attempt($auth))
{
// return back()->with('error', 'RIGhT Login Details');
return redirect('student');
}
else
{
return back()->with('error', 'Wrong Login Details');
}
}
function successlogin()
{
return view('studentRegistration');
}
function logout()
{
Auth::logout();
return redirect('index');
}
public function getdata()
{
$data['data']=DB::table('users')->get();
return view('login',$data);
}
}
当我正确输入保存在 mysql 中的电子邮件和密码时,我预计 auth::attempt() 会返回 true。我是 Laravel 新手,我需要知道是否有其他方法可以在不使用 auth::attempt 的情况下验证电子邮件和密码()? 我厌倦了这个 auth::attempt() 事情! 简而言之: 1) 密码经过哈希处理。 2) Auth::attempt() 总是返回 false 3)我使用mysql db,根据laravel User.php更改users.php模型。
基本上这是常见的选项,您检查电子邮件和密码。就像,
if((email_from_input == email_from_database) && (password_from_input == password_from_database)) {
// Credential match. now you can do any action.
}
在任何框架中,或者出于我们的安全问题,我们不会直接以纯文本形式插入密码。我们使用一些加密算法。对于您的情况,您使用了
$Password = Hash::make('password');此后,您将无法与数据库检查密码的明文。因此,针对您的情况的上述函数将是,
if((email_from_input == email_from_database) && (Hash::make('password_from_input') == password_from_database)) {
// Credential match. now you can do any action.
}
但是请记住,laravel 中有一些基本到中级的安全性
Auth::attemp()true/false尝试
attemptLoginattempt永远不要忘记在课堂上添加
use AuthenticatesUsers;Illuminate\Foundation\Auth\AuthenticatesUsers;如果您想在不使用完整的 Auth::attempt() 的情况下检查凭据,您可以使用 Auth::validate() ,它的使用方式与 attempts() 方法相同,但是(当然)没有可选的 $remember 参数。
例如:
$credentialsCorrect = Auth::validate(['email' => $email, 'password' => $password]);