我试图通过Laravel中的Ajax对用户进行身份验证。
public function authenticate(){
$email = Input::get('email');
$password = Hash::make(Input::get('password'));
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
return Response::json(["success"=>"true", "login"=>"false", "error_msg"=>"<span style='margin-bottom:20px;' class='val_error_msg'>Email is not valid!</span>"]);
}
elseif(Auth::attempt(['email' => $email, 'password' => $password])){
return Response::json(["success"=>"true", "login"=>"false", "error_msg"=>"<span style='margin-bottom:20px;' class='val_error_msg'>Logged in</span>"]);
}
else{
return Response::json(["success"=>"true", "login"=>"false", "error_msg"=>"<span style='margin-bottom:20px;' class='val_error_msg'>Email/password is wrong</span>"]);
}
}
Ajax调用
$.post(
'/login/authenticate', // location of your php script
{ email: $("#log_email").val(), password: $("#log_password").val()}, // any data you want to send to the script
function( data ){ // a function to deal with the returned information
if(data.login=='false'){
$("#login_response").empty();
$("#login_response").append(data.error_msg);
}
});
但即使凭据良好,我也始终收到Email/password is wrong消息。
我尝试了if((User::where('email', $email)->where('pasword', $password)->count())==1)并且有效。
Auth::attempt()方法有什么问题?
答案 0 :(得分:2)
您必须以纯文本格式将密码传递给Auth::attempt():
$password = Input::get('password');
Auth::attempt(['email' => $email, 'password' => $password])
显然您使用md5来哈希密码。这不仅不安全,而且也不适用于Laravel的Auth方法。改为在创建用户时使用Hash::make():
$user->password = Hash::make(Input::get('password'));
答案 1 :(得分:1)
三件事:
当您尝试登录时,需要传入预先调整过的密码
$password = Input::get('password');
其次,您的返回JSON似乎是在有效登录尝试时将登录设置为false。将其更改为true:
return Response::json(["success" => 'true', "login" => 'true', "error_msg" => "<span style='margin-bottom:20px;' class='val_error_msg'>Logged in</span>"]);
第三,当您将用户存储到数据库中时,必须使用Hash::make('string')来构建他们的密码。