我试图通过仅允许管理员访问它们来保护我的某些网页。我一直在尝试使用过滤器来保护这些页面,但它并没有按预期工作。例如,如果用户尝试在其Web浏览器中输入管理员URL,则浏览器仍会授予未经授权的用户访问权限。
编辑:对我的代码进行了更改,以便只有在成功登录后才能访问管理页面。
routes.php文件:
// All users have access to this home page
Route::get('/', ['as' => 'home', function()
{
// Default home page
return View::make('index');
}
]);
//Admin access only
Route::get('admin/index', ['before' => 'auth',function()
{
//Only allow admin access to this page
return View::make('admin_index');
}
]);
filters.php(默认的filters.php文件):
/* Default 'filters.php' is fine. */
Route::filter('auth', function()
{
if (Auth::guest())
{
if (Request::ajax())
{
return Response::make('Unauthorized', 401);
}
else
{
return Redirect::guest('login');
}
}
});
控制器(SesssionsController.php):
public function index()
{
return View::make('sessions.index');
}
/*
Show the form for creating a new resource
*/
public function create()
{
return View::make('sessions.create');
}
public function store()
{
// validate
$input = Input::all();
$attempt = Auth::attempt([
'email'=> $input['email'],
'password' => $input['password']
]);
// If authentication passes, take the user back to the homepage (For Now)
/* EDIT: Changed 'Redirect::intended(admin/index)' to 'Redirect::to('admin/index')... since that was giving me problems */
if ($attempt) return Redirect::to('admin/index')->with('flash_message', 'Welcome ' . $input['email']. ', you are logged in!');
return Redirect::back()->with('flash_message', 'Invalid credentials.')->withInput();
}
进行这些更改后,我运行了'php artisan dump-autoload'为了使我的控制器中的更改生效,现在我的管理员/索引'只有在成功登录后才能访问页面。
希望这些信息可以帮助人们!