20150720-Laravel登录验证碰到的坑
- WBOY原创
- 2016-08-08 09:20:371631浏览
记录踩过的坑,以后的坑就会越来越少……
首先 建表:
<code><span>php</span><span>artisan</span><span>migrate</span><span>:make_admin_table</span></code>
然后在新建的文件里面写上表的各列设置
<code><span></span>php
use Illuminate<span>\</span>Database<span>\</span>Schema<span>\</span>Blueprint;
use Illuminate<span>\</span>Database<span>\</span>Migrations<span>\</span>Migration;
class CreateAdminTable extends Migration {
<span>/**
* Run the migrations.
*
* @return void
*/</span><span>public</span> function up()
{
Schema<span>::create</span>(<span>'admin'</span>, function(<span>$table</span>)
{
<span>$table</span><span>-></span>increments(<span>'id'</span>);
<span>$table</span><span>-></span><span>string</span>(<span>'staff_code'</span>, <span>32</span>)<span>-></span>nullable(); <span>//员工号</span><span>$table</span><span>-></span><span>string</span>(<span>'login_name'</span>, <span>32</span>)<span>-></span>nullable(); <span>//登录名</span><span>$table</span><span>-></span><span>string</span>(<span>'password'</span>, <span>32</span>)<span>-></span>nullabele(); <span>//登录密码</span><span>$table</span><span>-></span><span>string</span>(<span>'mail'</span>, <span>512</span>)<span>-></span>nullable(); <span>//电子邮箱</span><span>$table</span><span>-></span><span>string</span>(<span>'staff_name'</span>, <span>32</span>)<span>-></span>nullable(); <span>//员工姓名</span><span>$table</span><span>-></span><span>string</span>(<span>'sex'</span>, <span>10</span>)<span>-></span>nullable(); <span>//性别</span><span>$table</span><span>-></span><span>string</span>(<span>'belong_to'</span>, <span>512</span>)<span>-></span>nullable(); <span>//所属部门</span><span>$table</span><span>-></span><span>string</span>(<span>'jobs'</span>, <span>512</span>)<span>-></span>nullable(); <span>//岗位</span><span>$table</span><span>-></span><span>string</span>(<span>'telephone'</span>, <span>32</span>)<span>-></span>nullable(); <span>//固定电话</span><span>$table</span><span>-></span><span>string</span>(<span>'mobile'</span>, <span>32</span>)<span>-></span>nullable(); <span>//手机号</span>
});
}
<span>/**
* Reverse the migrations.
*
* @return void
*/</span><span>public</span> function down()
{
Schema<span>::dropIfExists</span>(<span>'admin'</span>);
}
}</code>
建立Model模型Admin:
<code>php ratisan <span>generate</span> modle Admin</code>
再在生成的文件里添加
<code><span><?php </span><span>use</span><span>Illuminate</span>\<span>Auth</span>\<span>UserTrait</span>;
<span>use</span><span>Illuminate</span>\<span>Auth</span>\<span>UserInterface</span>;
<span>use</span><span>Illuminate</span>\<span>Auth</span>\<span>Reminders</span>\<span>RemindableTrait</span>;
<span>use</span><span>Illuminate</span>\<span>Auth</span>\<span>Reminders</span>\<span>RemindableInterface</span>;
<span><span>class</span><span>Admin</span><span>extends</span> \<span>Eloquent</span><span>implements</span><span>UserInterface</span>, <span>RemindableInterface</span> {</span><span>use</span><span>UserTrait</span>, <span>RemindableTrait</span>;
<span>protected</span><span>$fillable</span> = [];
<span>protected</span><span>$table</span> = <span>'admin'</span>; <span>// 指定表名</span><span>protected</span><span>$primaryKey</span> = <span>'id'</span>; <span>// 指定主键名</span><span>protected</span><span>$hidden</span> = <span>array</span>(<span>'password'</span>); <span>//密码字段</span><span>public</span><span>$timestamps</span> = <span>false</span>; <span>// 关闭 创建时间 与 更新时间 的自动维护</span><span>public</span><span><span>function</span><span>getRememberToken</span><span>()</span>{</span><span>return</span><span>$this</span>->rememberToken ;
}
<span>public</span><span><span>function</span><span>setRememberToken</span><span>(<span>$value</span>)</span>{</span><span>$this</span>->rememberToken = <span>$value</span> ;
}
<span>public</span><span><span>function</span><span>getRememberTokenName</span><span>()</span>{</span><span>return</span><span>$this</span>->reminder ;
}
}</span></code>
解释一下,因为需要做登录验证,用的是laravel自带的Auth所以需要添加use和继承UserInterface以及RemindableInterface接口 并重写一些方法
具体的就是这几句
<code><span>use</span><span>Illuminate</span>\<span>Auth</span>\<span>UserTrait</span>;
<span>use</span><span>Illuminate</span>\<span>Auth</span>\<span>UserInterface</span>;
<span>use</span><span>Illuminate</span>\<span>Auth</span>\<span>Reminders</span>\<span>RemindableTrait</span>;
<span>use</span><span>Illuminate</span>\<span>Auth</span>\<span>Reminders</span>\<span>RemindableInterface</span>;
<span><span>class</span><span>Admin</span><span>extends</span> \<span>Eloquent</span><span>implements</span><span>UserInterface</span>, <span>RemindableInterface</span> {</span><span>use</span><span>UserTrait</span>, <span>RemindableTrait</span>;
<span>/*******
以下代码省略
*******/</span><span>public</span><span><span>function</span><span>getRememberToken</span><span>()</span>{</span><span>return</span><span>$this</span>->rememberToken ;
}
<span>public</span><span><span>function</span><span>setRememberToken</span><span>(<span>$value</span>)</span>{</span><span>$this</span>->rememberToken = <span>$value</span> ;
}
<span>public</span><span><span>function</span><span>getRememberTokenName</span><span>()</span>{</span><span>return</span><span>$this</span>->reminder ;
}
}</code>
然后我继续找到Auth文件的设定 修改一下需要用到的表
app/config/auth.php
找到如下字段并修改成自己所指定的表
<code><span><?php </span><span>return</span><span>array</span>(
<span>'driver'</span> => <span>'eloquent'</span>, <span>//验证方式,有database和eloquent两种</span><span>'model'</span> => <span>'Admin'</span>, <span>//所使用的model名</span><span>'table'</span> => <span>'admin'</span>, <span>//对应的表名</span><span>'reminder'</span> => <span>array</span>(
<span>'email'</span> => <span>'emails.auth.reminder'</span>,
<span>'table'</span> => <span>'password_reminders'</span>,
<span>'expire'</span> => <span>60</span>,
),
);</span></code>
然后再添加controller方法:
<code><span>//获取登录页面</span><span>public</span> function get_web_login(){
<span>return</span> View<span>::make</span>(<span>'web.web_login'</span>);
}
<span>//登录验证</span><span>public</span> function post_login(){
<span>if</span> (Auth<span>::attempt</span>(<span>array</span>(<span>'login_name'</span><span>=></span>Input<span>::get</span>(<span>'login_name'</span>), <span>'password'</span><span>=></span>Input<span>::get</span>(<span>'password'</span>)))) {
Notification<span>::success</span>(<span>'登录成功'</span>);
<span>return</span> Redirect<span>::to</span>(<span>'/web/index'</span>)
<span>-></span><span>with</span>(<span>'message'</span>, <span>'成功登录'</span>);
} <span>else</span> {
Notification<span>::warning</span>(<span>'用户名密码不正确'</span>);
<span>return</span> Redirect<span>::to</span>(<span>'/web/login'</span>)
<span>-></span><span>with</span>(<span>'message'</span>, <span>'用户名密码不正确'</span>)
<span>-></span>withInput();
}
}</code>
然后是视图文件login.blade.php:
<code><span>@section</span>(<span>'title'</span>)登录 - <span>@parent</span><span>@stop</span><span>@section</span>(<span>'nav_1'</span>)
<li>class=<span>"active"</span>><a href="<span">"#">登录</a>
</li>
<span>@stop</span><span>@section</span>(<span>'selection'</span>)
<div id="<span">"login"<span>class</span>=<span>"login"</span>>
<form>class=<span>"form"</span> role=<span>"form"</span> action=<span>"{{URL::route('web.web_login.post')}}"</span> style=<span>"width: 500px"</span> method=<span>"post"</span>>
<span>@if</span> (Session::has(<span>'message'</span>))
<div>class=<span>"alert alert-error"</span>>{{ Session::get(<span>'message'</span>)}}</div>
<span>@endif</span>
<div>class=<span>"form-group"</span>>
<label>for=<span>"login_name"</span>>登录名:</label>
<input>type=<span>"text"</span><span>class</span>=<span>"form-control"</span> id=<span>"login_name"</span> name=<span>"login_name"</span>>
<label>for=<span>"password"</span>>密码:</label>
<input>type=<span>"password"</span><span>class</span>=<span>"form-control"</span> id=<span>"password"</span> name=<span>"password"</span>>
</div>
<div align="<span">"left">
<button>type=<span>"submit"</span><span>class</span>=<span>"btn btn-info btn-lg"</span>><span>class</span>=<span>"glyphicon glyphicon-user"</span> aria-hidden=<span>"true"</span>> 登录</button>
</div>
</form>
</div>
<span>@stop</span></code>
最后更新路由
<code>Route::get(<span>'/web/index'</span>, <span>array</span>(<span>'as'</span> => <span>'web.web_index'</span>, <span>'uses'</span> => <span>'App\Controllers\Api\WebController@get_web_index'</span>)); <span>//登录页面</span> Route::get(<span>'/web/login'</span>, <span>array</span>(<span>'as'</span> => <span>'web.web_login'</span>, <span>'uses'</span> => <span>'App\Controllers\Api\WebController@get_web_login'</span>)); Route::post(<span>'/web/login'</span>, <span>array</span>(<span>'as'</span> => <span>'web.web_login.post'</span>, <span>'uses'</span> => <span>'App\Controllers\Api\WebController@post_login'</span>)); </code>
做完以上工作,我就屁颠屁颠的打开数据库 随便塞了条用户数据进去,就尝试登录,然后问题就来了
不管我怎么试,账户密码就是不对
百度google了一下,然而并没有找到什么结果
无奈之下只能看看laravel的源码
首先调用的就是attempt方法来验证用户名密码于是我跳转进这个函数去看了下
<code><span>/**
* Attempt to authenticate a user using the given credentials.
*
*<span> @param</span> array $credentials
*<span> @param</span> bool $remember
*<span> @param</span> bool $login
*<span> @return</span> bool
*<span> @static</span> */</span><span>public</span><span>static</span> function <span>attempt</span>($credentials = array(), $remember = <span>false</span>, $login = <span>true</span>){
<span>return</span> \Illuminate\Auth\Guard::attempt($credentials, $remember, $login);
}</code>
不难看出她只是返回的Guar::attempt方法的结果,那么我继续进去看
<code><span>/**
* Attempt to authenticate a user using the given credentials.
*
* @param array $credentials
* @param bool $remember
* @param bool $login
* @return bool
*/</span><span>public</span> function attempt(<span>array</span><span>$credentials</span><span>=</span><span>array</span>(), <span>$remember</span><span>=</span><span>false</span>, <span>$login</span><span>=</span><span>true</span>)
{
<span>$this</span><span>-></span>fireAttemptEvent(<span>$credentials</span>, <span>$remember</span>, <span>$login</span>);
<span>$this</span><span>-></span>lastAttempted <span>=</span><span>$user</span><span>=</span><span>$this</span><span>-></span>provider<span>-></span>retrieveByCredentials(<span>$credentials</span>);
<span>// If an implementation of UserInterface was returned, we'll ask the provider</span><span>// to validate the user against the given credentials, and if they are in</span><span>// fact valid we'll log the users into the application and return true.</span><span>if</span> (<span>$this</span><span>-></span>hasValidCredentials(<span>$user</span>, <span>$credentials</span>))
{
<span>if</span> (<span>$login</span>) <span>$this</span><span>-></span>login(<span>$user</span>, <span>$remember</span>);
<span>return</span><span>true</span>;
}
<span>return</span><span>false</span>;
}</code>
到了这里,大概就可以知道,登录结果,应该就是那个hasValidCredentials方法返回的结果来控制的,那么它内部是怎样实现的?再进去看看
<code><span>/**
* Determine if the user matches the credentials.
*
*<span> @param</span> mixed $user
*<span> @param</span> array $credentials
*<span> @return</span> bool
*/</span><span>protected</span> function <span>hasValidCredentials</span>($user, $credentials)
{
<span>return</span> ! is_null($user) && $<span>this</span>->provider->validateCredentials($user, $credentials);
}</code>
然而这里只是做了个简单的判断是否存在$user参数,所以我继续转进validateCredentials方法
<code><span>/**
* Validate a user against the given credentials.
*
*<span> @param</span> \Illuminate\Auth\UserInterface $user
*<span> @param</span> array $credentials
*<span> @return</span> bool
*/</span><span>public</span> function <span>validateCredentials</span>(UserInterface $user, array $credentials);</code>
到了这里 初学laravel的我并不能看懂是啥意思,所以只能继续google,然后真的给我找到了一些相关的情报
扩展Auth功能
看完这帖子之后,加上上面代码的理解
顺着它说的目录
/vender/laravel/framework/src/illuminate/Auth
于是我找到了EloquentUserProvider.php这个文件
在其内部找到了validateCredentials方法的具体实现
<code><span>/**
* Validate a user against the given credentials.
*
*<span> @param</span> \Illuminate\Auth\UserInterface $user
*<span> @param</span> array $credentials
*<span> @return</span> bool
*/</span><span>public</span> function <span>validateCredentials</span>(UserInterface $user, array $credentials)
{
$plain = $credentials[<span>'password'</span>];
<span>return</span> $<span>this</span>->hasher->check($plain, $user->getAuthPassword());
}</code>
这下就清楚了
laravel在验证密码的时候会把输入的密码用hash运算之后再与数据库所存储的密码对比
然而我是直接在数据库中添加明文密码的,所以显示密码不正确是理所应当的
所以,在存储密码字段的时候,务必记住用
<code>Hash::make(<span>"<span>$passowrd</span>"</span>);</code>
来生成对应密码的hash串……
然后我在用这个方法向数据库写入密码hash串的时候报错了,检查一看,原来是当初设置的密码字段太短导致的,于是把密码字段长度改为1024个字长 问题就解决了
这个坑折腾了我一上午……记录下来让大家参考参考,避免再次像我一样被坑吧
_ (:з」∠)_
另外还找到了一篇bolg,说是怎样将laravel的默认的加密方法换成自定义的MD5加密方式的以后应该会用到吧,贴在这里以供日后参考laravel更改默认的登录密码加密方式
(完)
版权声明:本文为博主原创文章,未经博主允许不得转载。
以上就介绍了20150720-Laravel登录验证碰到的坑,包括了方面的内容,希望对PHP教程有兴趣的朋友有所帮助。
声明:
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
上一篇:学习编程那点事下一篇:php二进制安全的含义