在用户输入其凭据并尝试登录之后,并且找到该用户之后,如果在数据库“其中userID = request和roleType =”中找到了用户选择的角色,我们将检查一个siterole表。请求”,则登录成功,否则由于选择错误的用户角色而失败。 代码很简单:
$findrole = $request->role;
$user_id = Auth::user()->id;
$userrole = DB::table('siterole')->where('role_id' ,'=',$findrole)->where('user_id' ,'=', $user_id)->get();
if(!empty($userrole)) {
make it login
}
else{
redirect it with a fail login
}
由于登录失败,我的意思是不应设置会话,我在该位置尝试了
vendor\laravel\framework\src\Illuminate\Foundation\Auth\AuthenticatesUsers.php
但,当找不到该“ user_Id”的“ role_id”时,该用户已登录并重定向到错误的页面! 编辑我将代码放入其中的功能是这样的: 公共功能登录(请求$ request) {
$this->validateLogin($request);
$throttles = $this->isUsingThrottlesLoginsTrait();
if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$credentials = $this->getCredentials($request);
if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
//MYCODE GOES BETWEEN THESE LINES
if its not empty return the below code
return $this->handleUserWasAuthenticated($request, $throttles);
}
if ($throttles && ! $lockedOut) {
$this->incrementLoginAttempts($request);
}
//if its empty return to this section
return $this->sendFailedLoginResponse($request);
}
答案 0 :(得分:0)
Auth::user()->id仅在通过身份验证后才返回用户ID。在示例代码的第2行中,当您创建$ user_id变量时,尚未进行身份验证,因此该变量始终为null。您需要以其他方式获取user_id。
答案 1 :(得分:0)
找到了解决方案,所以我要提出的条件是laravel已经返回了login = true,所以我无能为力。
attemp()实际上是尝试登录位于
中的供应商\ laravel \ framework \ src \ Illuminate \ Auth \ SessionGuard.php
现在在attemp函数中,我们无法访问我们的请求,但是我们可以传递用户类型,我在位于以下位置的函数getCredentials中将其称为(角色):
供应商\ laravel \框架\ src \ Illuminate \ Foundation \ Auth \ AuthenticatesUsers.php 第1步:
protected function getCredentials(Request $request)
{
//sending role as credential too
// my input name was role
return $request->only($this->loginUsername(), 'password','role');
}
现在,因为我们在attemp()中传递了凭据的第二个数组 BUT ,所以我们必须从主要凭据中取消设置它,因为laravel将为array中的每个键创建一个where子句: 第2步
public function attempt(array $credentials = [], $remember = false, $login = true)
{
//get the user roll to check if the user has the same role
//else kill him #Stormspirit
$user_role = $credentials['role'];
//as laravel make the where clause for every field we unset it from the array
unset($credentials['role']);
$this->fireAttemptEvent($credentials, $remember, $login);
$this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);
// If an implementation of UserInterface was returned, we'll ask the provider
// to validate the user against the given credentials, and if they are in
// fact valid we'll log the users into the application and return true.
if ($this->hasValidCredentials($user, $credentials)) {
//user credential was valid check the role part
$userrole_finder = DB::table('siterole')->where('role_type',$user_role)->where('user_id',$user->id)->get();
if($userrole_finder==[]) {
$login = false;
return false;
}
if ($login) {
$this->login($user, $remember);
}
return true;
}
全部准备好!别忘了添加使用数据库; 检查用户角色表,如果为空,则将登录名设置为false并返回false,其余操作将完成,您将看到laravel的无效凭证错误。
您可以为我刚刚称之为角色的用户类型实现此功能。您还可以将用户类型放在一个会话中,放在AuthenticatesUsers.php中的handleUserWasAuthenticated函数中,上述确切位置
protected function handleUserWasAuthenticated(Request $request, $throttles)
{
session(['user_role' => $request->role]);
if ($throttles) {
$this->clearLoginAttempts($request);
}
if (method_exists($this, 'authenticated')) {
return $this->authenticated($request, Auth::guard($this->getGuard())->user());
}
return redirect()->intended($this->redirectPath());
}