This time I will bring you Laravel to implement a multi-user authentication system. What are the precautions for Laravel to implement a multi-user authentication system. The following is a practical case, let's take a look.
Preface
Since Laravel 5.2, the built-in Auth authentication system can support multiple role authentication. That is to say, if you have two roles: administrator and ordinary user, you can achieve authentication through the same Auth system.
This article will give you a detailed introduction to the relevant content of Laravel's multi-user authentication system, and share it for your reference and study. I won't say much below, let's take a look at the detailed introduction.
#1 Automatically generate code
Laravel’s own Auth can generate relevant authentication through a one-line commandController, template and routing:
php artisan make:auth
This will generate an AuthController authentication controller and HomeController universal controller. This controller is useless, it just jumps after successful login; there are also some login and registration requirements. You can find out the template file by looking at it in resource/view; and the relevant authentication routes will also be generated in the routing file. The source code is in \Illuminate\Routing\Router::auth(); , which is actually Configured some login registration:
public function auth() {
// Authentication Routes...
$this->get('login', 'Auth\AuthController@showLoginForm');
$this->post('login', 'Auth\AuthController@login');
$this->get('logout', 'Auth\AuthController@logout');
// Registration Routes...
$this->get('register', 'Auth\AuthController@showRegistrationForm');
$this->post('register', 'Auth\AuthController@register');
// Password Reset Routes...
$this->get('password/reset/{token?}', 'Auth\PasswordController@showResetForm');
$this->post('password/email', 'Auth\PasswordController@sendResetLinkEmail');
$this->post('password/reset', 'Auth\PasswordController@reset');
}
#2 auth.php file configuration
This is the configuration related to authentication Document, it is estimated that many people do not understand some concepts in it, such as guard and provider
, and the documentation is basically not written. So what exactly is guard? This can be understood as a role. Each item in the guards
array is a role. The default ones are web and api, which means that these two roles currently use the authentication system. Of course, these two will definitely not meet our requirements, so we usually customize some guards. Customization is also very simple, just add an item to the guards array, where the driver indicates how to save the user status for this authentication, usually in the session, and the provider is an item in the provider array below, so what is the provider? Woolen cloth? This is easier to understand. If you want to implement user authentication, you must save the user name and password, right? Then the provider tells Laravel which table your user information is stored in, and the driver tells Laravel which method to use to operate the database.
#3 Authentication
In fact, the code automatically generated by Laravel can already meet the needs of login and registration, but each guard requires an AuthController Come on, how do you share an authentication controller? Guard is used here because it can represent the user's identity to perform different logic. However, this guard cannot be obtained in the authentication controller, so we can achieve it through routing parameters. Define a routing group:
Route::group(['prefix'=>'{guard}'],function(){ Route::auth();});
In this routing group we set the prefix to the guard parameter, so that the current guard can be obtained in the AuthController. Under normal circumstances, we obtain routing parameters through Dependency InjectionRequest instance, but there is also a pitfall here, that is, before version 5.1, all routing parameters can be obtained through
$request->input('key')
, but it no longer works in 5.2. It must be obtained through
$request->key
, or directly from the routing instance. I don’t know the reason for this. Some traits are used in the AuthController controller. These traits implement the logic of authentication registration. You can customize the logic by rewriting some properties of the controller. Including $redirectTo and $guard and $username, etc. At a glance, you can tell that the first one is to jump after successful login, and the second one is Define the guard currently used, and the third one is the username field used for authentication. So we can customize it by obtaining the guard in the authentication controller.
#4 Route Protection
一般做认证系统的,都是要来保护路由的,那么如何保护路由呢?文档里面说给需要保护的路由添加一个auth中间件,那么事实是怎样的呢?事实也确实是这样,不过文档没有说的一点是,通过auth中间件保护的路由必须还要加上web中间件、必须还要加上web中间件、必须还要加上web中间件,重要的事情要说三遍啊,不然会出现什么问题呢?不管你认证成功失败都是会跳转到/这条路由,这个大坑要注意!当然你也可以在中间件中指定guard来让Laravel知道通过那个来认证,如果没指定的话就是使用配置文件里面默认的:
Route::get('profile', [ 'middleware' => 'auth:api', 'uses' => 'ProfileController@show']);
#5 获取用户实例
通过认证后就可以通过Auth门面来获取到当前通过认证的用户实例。
$user = Auth::user();
这里还有一个要注意的是,以上的方式默认获取的是配置文件中的guard的,假如你当前登录的guard不是配置文件中的,就必须要这样子来获取:
$user = Auth::guard('guard')->user();
#6 总结
总得来说,Laravel5.2自带的Auth系统还是很好用的,只是有一些小坑文档没说清楚,用过几次之后就可以很熟悉了,可以给我们节约很多的开发时间。
相信看了本文案例你已经掌握了方法,更多精彩请关注php中文网其它相关文章!
推荐阅读:
bindParam和bindValue在Yii2中的使用详解
The above is the detailed content of Laravel implements multi-user authentication system. For more information, please follow other related articles on the PHP Chinese website!
laravel单点登录方法详解Jun 15, 2022 am 11:45 AM本篇文章给大家带来了关于laravel的相关知识,其中主要介绍了关于单点登录的相关问题,单点登录是指在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统,下面一起来看一下,希望对大家有帮助。
一起来聊聊Laravel的生命周期Apr 25, 2022 pm 12:04 PM本篇文章给大家带来了关于laravel的相关知识,其中主要介绍了关于Laravel的生命周期相关问题,Laravel 的生命周期从public\index.php开始,从public\index.php结束,希望对大家有帮助。
laravel中guard是什么Jun 02, 2022 pm 05:54 PM在laravel中,guard是一个用于用户认证的插件;guard的作用就是处理认证判断每一个请求,从数据库中读取数据和用户输入的对比,调用是否登录过或者允许通过的,并且Guard能非常灵活的构建一套自己的认证体系。
laravel中asset()方法怎么用Jun 02, 2022 pm 04:55 PMlaravel中asset()方法的用法:1、用于引入静态文件,语法为“src="{{asset(‘需要引入的文件路径’)}}"”;2、用于给当前请求的scheme前端资源生成一个url,语法为“$url = asset('前端资源')”。
实例详解laravel使用中间件记录用户请求日志Apr 26, 2022 am 11:53 AM本篇文章给大家带来了关于laravel的相关知识,其中主要介绍了关于使用中间件记录用户请求日志的相关问题,包括了创建中间件、注册中间件、记录用户访问等等内容,下面一起来看一下,希望对大家有帮助。
laravel中间件基础详解May 18, 2022 am 11:46 AM本篇文章给大家带来了关于laravel的相关知识,其中主要介绍了关于中间件的相关问题,包括了什么是中间件、自定义中间件等等,中间件为过滤进入应用的 HTTP 请求提供了一套便利的机制,下面一起来看一下,希望对大家有帮助。
laravel的fill方法怎么用Jun 06, 2022 pm 03:33 PM在laravel中,fill方法是一个给Eloquent实例赋值属性的方法,该方法可以理解为用于过滤前端传输过来的与模型中对应的多余字段;当调用该方法时,会先去检测当前Model的状态,根据fillable数组的设置,Model会处于不同的状态。
laravel路由文件在哪个目录里Apr 28, 2022 pm 01:07 PMlaravel路由文件在“routes”目录里。Laravel中所有的路由文件定义在routes目录下,它里面的内容会自动被框架加载;该目录下默认有四个路由文件用于给不同的入口使用:web.php、api.php、console.php等。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
WebStorm Mac version
Useful JavaScript development tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
