我试图在登录页面上使用auth :: attempt()。但是auth :: attempt()始终返回false。我尝试了较旧的stackoverflow帖子中可用的所有其他方法,但仍然找不到正确的解决方案。我是laravel的新手,想知道如何在不使用laravel auth的情况下检查'email'和'password'是否与users表中的任何记录匹配?
users.php
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Notifications\Notifiable;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
class users extends Authenticatable
{
use Notifiable;
protected $fillable = ['name', 'username', 'password', 'email',];
}
login.blade.php
<!DOCTYPE html>
<html>
<head>
<title>SUST ONLINE EXAM - Student Login</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"/>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<style type="text/css">
.box{
width:600px;
margin:0 auto;
border:1px solid #ccc;
}
</style>
</head>
<body>
<br />
<div class="container box">
<h3 align="center">STUDENT LOGIN!</h3><br />
@if(isset(Auth::user()->email))
<script>window.location="/student";</script>
@endif
@if ($message = Session::get('error'))
<div class="alert alert-danger alert-block">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>{{ $message }}</strong>
</div>
@endif
@if (count($errors) > 0)
<div class="alert alert-danger">
<ul>
@foreach($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div>
@endif
<form method="post" action="{{ url('/student') }}">
{{ csrf_field() }}
<div class="form-group">
<label>Enter Email</label>
<input type="email" name="email" class="form-control" />
</div>
<div class="form-group">
<label>Enter Password</label>
<input type="password" name="password" id="p1" class="form-control" />
</div>
<div class="form-group">
<input type="submit" name="login" class="btn btn-primary" value="Login" />
</div>
</form>
</div>
<!--
@foreach($data as $value)
<table>
<tr>
<td> {{ $value->email }} </td>
<td> {{ $value->password }} </td>
</tr>
</table>
@endforeach
-->
</body>
</html>
web.php
<?php
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/
Route::get('/', function () {
return view('index');
});
Route::get('/welcome', function () {
return view('index');
});
Route::get('/register', function () {
return view('registration');
});
Route::get('/student', function () {
return view('studentRegistration');
});
Route::get('/create-exam', function () {
return view('createExam');
});
Route::get('/login', function () {
return view('login');
});
Route::get('/login', 'Controller@getdata');
Route::post('/student', 'Controller@checklogin');
//Route::get('/logout', 'LoginController1@logout');
//Route::get('/student', 'LoginController1@successlogin');
Route::post('/insert', 'Controller@insert');
//Auth::routes();
//Route::get('/home', 'HomeController@index')->name('home');
Controller.php
<?php
namespace App\Http\Controllers;
use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Routing\Controller as BaseController;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Input;
use DB;
use Auth;
use Validator;
use Hash;
use App\users;
class Controller extends BaseController
{
use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
function insert(Request $req)
{
$this->validate($req, [
'name' => 'required',
'username' => 'required',
'password' => 'required',
'email' => 'required'
]);
$Name = $req->input('name');
$Username = $req->input('username');
$Password = $req->input('password');
$Password = Hash::make('password');
$Email = $req->input('email');
DB::table("users")->insert(["name"=>$Name,"username"=>$Username,"password"=>$Password,"email"=>$Email]
);
// DB::table('users')->insert($data);
echo "user inserted";
}
function checklogin(Request $request)
{
$this->validate($request, [
'email' => 'required|email',
'password' => 'required|min:3'
]);
$auth = array(
'email'=>$request->get('email'),
'password'=> $request->get('password'));
//dd($auth);
if(Auth::attempt($auth))
{
// return back()->with('error', 'RIGhT Login Details');
return redirect('student');
}
else
{
return back()->with('error', 'Wrong Login Details');
}
}
function successlogin()
{
return view('studentRegistration');
}
function logout()
{
Auth::logout();
return redirect('index');
}
public function getdata()
{
$data['data']=DB::table('users')->get();
return view('login',$data);
}
}
我希望当我正确输入保存在mysql中的电子邮件和密码时,auth :: attempt()会返回true。 :尝试()? 我受够了auth :: attempt()! 简而言之: 1)密码是散列的。 2)Auth :: attempt()始终返回false 3)我使用mysql db,根据laravel User.php更改了users.php模型。
答案 0 :(得分:0)
基本上,这是您检查电子邮件和密码的常用选项。喜欢,
if((email_from_input == email_from_database) && (password_from_input == password_from_database)) {
// Credential match. now you can do any action.
}
在任何框架中,或者出于我们的安全问题,我们不会直接以纯文本形式插入密码。我们使用一些加密算法。对于您的情况,您通过$Password = Hash::make('password');
之后,您将无法使用数据库检查密码的纯文本。因此,针对您的情况的上述功能将是
if((email_from_input == email_from_database) && (Hash::make('password_from_input') == password_from_database)) {
// Credential match. now you can do any action.
}
但是请记住,laravel Auth::attemp()有一些基本到中间的安全性,所以,我的建议是,找出为什么总是返回false。并根据需要true/false。
尝试使用attemptLogin代替attempt。这也可以解决您的问题。
请不要忘记在课程内部添加use AuthenticatesUsers;,并在顶部添加Illuminate\Foundation\Auth\AuthenticatesUsers;。然后尝试。