如何在laravel登录刀片中加密用户名和密码

问题描述 投票:1回答:2

我已经创建了laravel应用程序。我收到打p套件报告时发现了一个问题。我需要加密电子邮件和密码(容易受到跨站点请求的伪造攻击)

这是我打的报告。

Cookie:XSRF-TOKEN =“”;my_new_session =“”_token = eff13b445f30f3f0527e58625b44c085&email = admin%40test.com&password = 123456

login.blade.php

<!DOCTYPE html>
  <html lang="en" dir="ltr">
    <head>
        <meta charset="utf-8" />
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <meta name="csrf-token" content="{{ csrf_token() }}">
        <script>
          window.Laravel = <?php echo json_encode([
                'csrfToken' => csrf_token(),
            ]); ?>
        </script>        
    </head>
    <body>
        <form class="form-inline" method="POST" action="{{ url('/login') }}">
        {{ csrf_field() }}
         <input type="email" autocorrect="off"  autocapitalize="off" autocomplete="off" class="form- 
           control" placeholder="Username" id="email" name="email" 
           value="{{ old('email') }}" maxlength="20" >
        <input type="password" autocorrect="off"  autocapitalize="off" autocomplete="off" 
           name="password" placeholder="Password" class="form-control" 
           id="password" value="{{ old('password') }}" >
        <button type="submit" class="btn btn-primary">Login</button>
     </form>
    </body>
 </html>

谢谢

laravel-5.8 burp
2个回答
0
投票

在控制器方法内部

$email = Hash::make($request->input('email'));
$pass = Hash::make($request->input('passwor'));
0
投票

好吧,您实际上并没有加密电子邮件,但可以加密密码。用户提交注册表后,在控制器中加密密码。并运行以下代码:

use Illuminate\Support\Facades\Hash; // Include this at the top

$password = Hash::make($request->password);
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.