如何在laravel登录刀片中加密用户名和密码

时间:2019-11-08 07:48:59

标签: laravel-5.8 burp

我已经创建了laravel应用程序。我收到打p套件报告时发现一个问题。我需要加密电子邮件和密码(容易受到跨站点请求的伪造攻击)

这是我打的报告。

  

Cookie:   XSRF-TOKEN =“”;   my_new_session =“”   _token = eff13b445f30f3f0527e58625b44c085&email = admin%40test.com&password = 123456

login.blade.php 

<!DOCTYPE html>
  <html lang="en" dir="ltr">
    <head>
        <meta charset="utf-8" />
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <meta name="csrf-token" content="{{ csrf_token() }}">
        <script>
          window.Laravel = <?php echo json_encode([
                'csrfToken' => csrf_token(),
            ]); ?>
        </script>        
    </head>
    <body>
        <form class="form-inline" method="POST" action="{{ url('/login') }}">
        {{ csrf_field() }}
         <input type="email" autocorrect="off"  autocapitalize="off" autocomplete="off" class="form- 
           control" placeholder="Username" id="email" name="email" 
           value="{{ old('email') }}" maxlength="20" >
        <input type="password" autocorrect="off"  autocapitalize="off" autocomplete="off" 
           name="password" placeholder="Password" class="form-control" 
           id="password" value="{{ old('password') }}" >
        <button type="submit" class="btn btn-primary">Login</button>
     </form>
    </body>
 </html>

谢谢

2 个答案:

答案 0 :(得分:1)

内部控制器方法

$email = Hash::make($request->input('email'));
$pass = Hash::make($request->input('passwor'));

答案 1 :(得分:1)

好吧,您实际上并没有加密电子邮件,但可以加密密码。 用户提交注册表后,在控制器中加密密码。 并运行以下代码:

use Illuminate\Support\Facades\Hash; // Include this at the top

$password = Hash::make($request->password);
相关问题
最新问题