我创建了一个laravel应用程序,其中的用户是普通用户和admin用户...我通过默认的laravel身份验证将它们都登录到网站...并且我有中间件来隐藏普通用户的某些路由。但是现在我遇到了一个大问题...有时,当我刷新页面时,我在另一个帐户中发现了自己(例如:现在我是约翰,刷新页面,然后发现了自己的茉莉花)! ..我以前没有遇到过这样的问题:(,现在这个问题很少发生...我现在将应用程序托管在共享托管中。
/* LoginController.php */
public function login(Request $request){
$this->validate($request,[
'email' => 'required|email',
'password' => 'required|string'
]);
if(!\DB::table('users')->where('email',$request->email)->get()->count()){
$errors = new \Illuminate\Support\MessageBag();
// add your error messages:
$errors->add('email', __('auth.failed'));
return view('auth.login')->withErrors($errors);
}
// if(\DB::table('users')->where('email',$request->email)->first()->is_active == 2){
// return redirect('/activate-account');
// }
$binary = 0;
if(\DB::table('users')->where('email',$request->email)->first()->role != 1) $binary = 1;
// login the activated users only and remember them all the time
if (\Auth::attempt(['email' => $request->email, 'password' => $request->password, 'is_active'=>1],$binary)) {
// Authentication passed...
return redirect('/');
}else{
if(\DB::table('users')->where('email',$request->email)->get()->count() == 0){
$errors = new \Illuminate\Support\MessageBag();
// add your error messages:
$errors->add('email', __('auth.failed'));
return view('auth.login')->withErrors($errors);
}else if(\DB::table('users')->where('email',$request->email)->first()->is_active == 0){
$errors = new \Illuminate\Support\MessageBag();
// add your error messages:
$errors->add('email', __('auth.blocked'));
return view('auth.login')->withErrors($errors);
}else{
$errors = new \Illuminate\Support\MessageBag();
// add your error messages:
$errors->add('email', __('auth.failed'));
return view('auth.login')->withErrors($errors);
}
}
}
/*=================================================*/
/* RoleMiddlware.php */
public function handle($request, Closure $next,$role)
{
// $roles :
// 0: user
// 1: admin
if(\Auth::user()['role'] != $role) return redirect('/');
return $next($request);
}