問題描述
我是家庭愛好者,正在學習 Laravel,目前版本為 5.3.我使用的是 Mac,既不是 homestead 也不是 vagrant.
I am a home hobbyist and am studying Laravel, currently in version 5.3. I am using a Mac, neither homestead nor vagrant.
我目前正在開發一個使用登錄名和注冊系統來創建用戶的網站.
I'm currently working on a website that uses a login and a register system to create users.
我使用 php artisan migrate 在本地操作我的數據庫.
I've used php artisan migrate to manipulate my database locally.
如下所示,它包含三個字段,即:
As listed below, it has three fields, namely:
- 電子郵件
- 用戶名
- 密碼
我有一個 User 模型 (users.php):
I have a User model (users.php):
<?php
namespace blog;
use IlluminateNotificationsNotifiable;
use IlluminateDatabaseEloquentModel;
use IlluminateContractsAuthAuthenticatable;
class User extends Model implements Authenticatable {
use IlluminateAuthAuthenticatable;
use Notifiable;
protected $fillable = [
'username', 'email', 'password',
];
}
還有一個 UserController 類(UserController.php):
And also, a UserController class (UserController.php):
<?php
namespace blogHttpControllers;
use Auth;
use blogUser;
use IlluminateHttpRequest;
class UserController extends Controller {
public function postRegister(Request $request) {
$username = $request['username'];
$email = $request['email'];
$password = bcrypt($request['password']);
$user = new User();
$user->email = $email;
$user->username = $username;
$user->password = $password;
$user->save();
return redirect()->route('login');
}
public function postLogin(Request $request) {
$credentials = [
'username' => $request['username'],
'password' => $request['password'],
];
if(Auth::attempt($credentials)) {
return redirect()->route('dashboard');
}
return 'Failure';
}
}
?>
如您所見,我使用 bcrypt() 作為我的散列方法.
As you can see, I am using bcrypt() as my hashing method.
然而,這個問題是,它總是會導致失敗.
However, this problem is, it will always result to a failure.
我檢查了以下鏈接:
為什么是 Auth::attempt總是返回 false
Laravel authattempt 返回 false
附言這些鏈接似乎很難理解,因為我沒有使用 Input 類.
P.S. These links seem very hard to follow as I do not utilize the Input class.
推薦答案
問題在于您在注冊后將用戶重定向到 login 路由的方式.您錯誤地假設 $request 數據將伴隨重定向.
The problem is with the way you're redirecting the user to login route after the registration. You're falsely assuming that the $request data will be accompanied with the redirect.
讓我們假設這個場景:一個請求被分派給 postRegister 方法,帶有 name、email 和 password領域.控制器創建用戶并將其保存到數據庫中.然后它將尚未通過身份驗證的用戶重定向到 login 路由.postLogin 方法被觸發,但這次沒有請求數據.結果,Auth::attempt($credentials) 失敗,你會在屏幕上看到令人討厭的 Failure.
Let's assume this scenario: A request gets dispatched to the postRegister method with name, email and password fields. The controller creates the user and saves it into the database. Then it redirects the user, who is not yet authenticated, to the login route. The postLogin method gets triggered, but this time with no request data. As a result, Auth::attempt($credentials) fails and you get that nasty Failure on screen.
如果在創建數組后立即添加 dd($credentials),您將看到它沒有值:
If you add a dd($credentials) right after you create the array, you'll see that it has no values:
public function postLogin(Request $request)
{
$credentials = [
'username' => $request['username'],
'password' => $request['password'],
];
// Dump data
dd($credentials);
if (Auth::attempt($credentials)) {
return redirect()->route('dashboard');
}
return 'Failure';
}
它會返回如下內容:
array:2 [
"username" => null
"password" => null
]
您不能使用自定義請求數據重定向(除非使用作為 URL 一部分的查詢字符串),無論怎樣.這不是 HTTP 的工作方式.除了請求數據,您甚至無法使用自定義標頭進行重定向.
You cannot redirect with custom request data (unless with querystring which is part of the URL), not matter what. It's not how HTTP works. Request data aside, you can't even redirect with custom headers.
既然您知道問題的根源是什么,讓我們看看有哪些選項可以解決它.
Now that you know what's the root of your problem, let's see what are the options to fix it.
如果你想保留這個結構,你需要將 postRegister() 的請求數據刷入會話(在請求之間是持久的),然后在 postLogin 中檢索它() 方法使用 Session 門面、session() 助手或實際的 IlluminateSessionSessionManager 類.
In case you want to preserve this structure, you need to flash the request data of postRegister() into the session (which is persistent between requests) and then retrieve it in the postLogin() method using Session facade, session() helper or the actual IlluminateSessionSessionManager class.
我的意思是:
(我稍微修改了您的代碼;刪除了額外的變量,使其更簡潔,等等.)
public function postRegister(Request $request)
{
// Retrieve all request data including username, email & password.
// I assume that the data IS validated.
$input = $request->all();
// Hash the password
$input['password'] = bcrypt($input['password']);
// Create the user
User::create($input);
// Redirect
return redirect()
// To the route named `login`
->route('login')
// And flash the request data into the session,
// if you flash the `$input` into the session, you'll
// get a "Failure" message again. That's because the
// password in the $input array is already hashed and
// the attempt() method requires user's password, not
// the hashed copy of it.
//
->with($request->only('username', 'password'));
}
public function postLogin(Request $request)
{
// Create the array using the values from the session
$credentials = [
'username' => session('username'),
'password' => session('password'),
];
// Attempt to login the user
if (Auth::attempt($credentials)) {
return redirect()->route('dashboard');
}
return 'Failure';
}
我強烈建議您不要使用這種方法.這樣,應該負責登錄用戶的 postLogin() 方法的實現與會話數據耦合在一起,這是不好的.這樣,您就無法獨立于 postRegister 使用 postLogin.
I strongly recommend you against using this approach. This way the implementation of postLogin() method which is supposed to be responsible to login users gets coupled with session data which is not good. This way, you're not able to use postLogin independently from the postRegister.
這是一個稍微好一點的解決方案;如果您決定需要在注冊后立即登錄用戶,為什么不這樣做呢?
This is a slightly better solution; If you decided that you need to log in the user right after the registration, why not just doing that?
注意 Laravel 自己的身份驗證控制器 noreferr="自動執行.
Note that Laravel's own authentication controller does it automatically.
順便說一下,這就是我的意思:
(理想情況下,這應該分解為多個方法,就像 Laravel 自己的身份驗證控制器一樣.但這只是幫助您入門的示例.)
By the way, here's what I mean:
(Ideally this should be broken down into multiple methods, just like Laravel's own authentication controller. But it's just an example to get you started.)
public function postRegister(Request $request)
{
$input = $request->all();
$input['password'] = bcrypt($input['password']);
User::create($input);
// event(UserWasCreated::class);
if (Auth::attempt($request->only('username', 'password'))) {
return redirect()
->route('dashboard')
->with('Welcome! Your account has been successfully created!');
}
// Redirect
return redirect()
// To the previous page (probably the one generated by a `getRegister` method)
->back()
// And with the input data (so that the form will get populated again)
->withInput();
}
但是,它仍然遠非完美!有很多其他方法可以解決這個問題.一個可能是使用 events,拋出 異常 失敗和使用自定義異常重定向.但我不打算探索它們,因為已經有為此完美設計的解決方案.
But still, it's far from perfect! There are many other ways to tackle this. One could be using events, throwing exceptions on failure and redirecting using custom exceptions. But I'm not gonna explore them as there's already a solution perfectly designed for this.
如果您想編寫自己的身份驗證控制器,那很好.一路上你會學到很多東西.但我強烈建議閱讀 Laravel 自己的認證代碼,尤其是 Users.php" rel="noreferrerRegistersUsers 和 AuthenticatesUsers 特征以便從中學習.
If you want to write your own authentication controller, that's fine. You'll learn a lot along the way. But I strongly suggest reading Laravel's own authentication code, especially RegistersUsers and AuthenticatesUsers traits in order to learn from it.
還有一張紙條;你不需要 IlluminateAuthAuthenticatable 特性在你的 User 模型中,因為它已經擴展了 Authenticatable 使用該特征.
And one more note; you don't need that IlluminateAuthAuthenticatable trait in your User model as it's already extending Authenticatable which use that trait.
這篇關于Laravel Auth::attempt() 返回 false的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!