【问题标题】:How to make Auth::Attempt work with unhashed password in DB如何使 Auth::Attempt 在数据库中使用未散列的密码
【发布时间】:2015-02-08 03:54:12
【问题描述】:

我与大多数使用 Auth:Attempt 的人有类似的问题。但是,我找不到可以使用现有表和使用迁移工具创建新用户表的文档。

我的申请详情

  1. 我使用现有表来跟踪用户,而不是使用迁移工具来生成用户表。
  2. 数据库中的密码未经过哈希处理。我有单独的页面来添加新用户并将它们存储在数据库中。它使用用户模型类。
  3. 我不知道如何在使用现有表的用户模型将密码存储在数据库中时对密码进行哈希处理。
  4. 我正在使用 Auth::attempt($user) 进行身份验证。

我的代码

routes.php

Route::post('/login',array('as' => 'login', function () {


        $user = array(
            'username' => Input::get('username'),
            'password' => Input::get('password')
        );

        if (Auth::attempt($user)) {
             return "Hello World! :)";
            /*return Redirect::route('home')
                ->with('flash_notice', 'You are successfully logged in.');*/
        }
         //return "Hello World! :o";
        // authentication failure! lets go back to the login page
        return Redirect::route('login')
            ->with('flash_error', 'Your username/password combination was incorrect.')
            ->withInput();
}));

登录页面代码:

@extends('layouts.login_registration_master')

@section('content')

<div class="row centered-form">
  <div class="col-xs-12 col-sm-8 col-md-4 col-sm-offset-2 col-md-offset-4">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Please Login</h3>
      </div>
      <div class="panel-body">
         @if (Session::has('flash_error'))
        <div id="flash_error">{{ Session::get('flash_error') }}</div>
        @endif
        {{Form::open(array('route' => 'login', 'method'=>'POST')) }}
          <div class="row">
          <div class="form-group">
            {{ Form::text('username', null, array('class'=>'form-control input-sm','placeholder'=>'User Name')) }}
          </div>
          </div>
          <div class="row">            
              <div class="form-group">
                 {{ Form::password('password', array('class'=>'form-control input-sm','placeholder'=>'Password')) }}
              </div>            
          </div>
        <div class="row">            
            <div class="col-xs-6">
                {{ Form::checkbox('remember', 'Remember Me'); echo ' Remember Me'}}     

            </div>            
            <div class="col-xs-6 pull-right" align="right">
                {{ HTML::linkAction('RegistrationController@showForgotPasswordPage', 'Forgot Password?') }}
            </div>
          </div>
          <div class="row"> 
          {{ Form::submit('Login', array('class'=>'btn btn-info btn-block')) }}
          </div>
          <div class="row" align="center"> 
              {{ HTML::linkAction('RegistrationController@showMainPage', 'Sign Up for new account.') }}
          </div>

        {{Form::close()}}
      </div>
    </div>
  </div>
</div>

@stop

用户.php

<?php

use Illuminate\Auth\UserTrait;
use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableTrait;
use Illuminate\Auth\Reminders\RemindableInterface;

class User extends Eloquent implements UserInterface, RemindableInterface {

    use UserTrait, RemindableTrait;

    /**
     * The database table used by the model.
     *
     * @var string
     */
    protected $table = 'rdm_user';


    /**
     * The attributes excluded from the model's JSON form.
     *
     * @var array
     */
    protected $hidden = array('password', 'remember_token');


        /**
         * Validation
         */

        protected $guarded = array('id');
        protected $fillable = array('first_name', 'last_name','email','password','username', 'role');

        public static $rules = array(
            'first_name' => 'required|min:3',
            'last_name' => 'required|min:3',
            'role' => 'required',
            'username' => 'unique:rdm_user',
            'email' => 'required|email',
            'password' =>'same:password_confirmation'
        );

          public static $rulesUpdate = array(
            'first_name' => 'required|min:3',
            'last_name' => 'required|min:3',
            'role' => 'required',            
            'email' => 'required|email',
            'password' =>'required|same:password_confirmation'
        );

        public function getAuthIdentifier() {
            return $this->getKey();
        }

        public function getAuthPassword() {
            return $this->password;
        }


}

auth.php

<?php

return array(

    /*
    |--------------------------------------------------------------------------
    | Default Authentication Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the authentication driver that will be utilized.
    | This driver manages the retrieval and authentication of the users
    | attempting to get access to protected areas of your application.
    |
    | Supported: "database", "eloquent"
    |
    */

    'driver' => 'eloquent',

    /*
    |--------------------------------------------------------------------------
    | Authentication Model
    |--------------------------------------------------------------------------
    |
    | When using the "Eloquent" authentication driver, we need to know which
    | Eloquent model should be used to retrieve your users. Of course, it
    | is often just the "User" model but you may use whatever you like.
    |
    */

    'model' => 'User',

    /*
    |--------------------------------------------------------------------------
    | Authentication Table
    |--------------------------------------------------------------------------
    |
    | When using the "Database" authentication driver, we need to know which
    | table should be used to retrieve your users. We have chosen a basic
    | default value but you may easily change it to any table you like.
    |
    */

    'table' => 'rdm_user',

    /*
    |--------------------------------------------------------------------------
    | Password Reminder Settings
    |--------------------------------------------------------------------------
    |
    | Here you may set the settings for password reminders, including a view
    | that should be used as your password reminder e-mail. You will also
    | be able to set the name of the table that holds the reset tokens.
    |
    | The "expire" time is the number of minutes that the reminder should be
    | considered valid. This security feature keeps tokens short-lived so
    | they have less time to be guessed. You may change this as needed.
    |
    */

    'reminder' => array(

        'email' => 'emails.auth.reminder',

        'table' => 'password_reminders',

        'expire' => 60,

    ),

);

如果您需要更多信息,请告诉..

提前谢谢你:)

维奈

【问题讨论】:

    标签: php authentication laravel laravel-4


    【解决方案1】:

    很少有任何正当理由不只是散列密码。您只需对所有密码进行哈希处理 - 然后您的问题就解决了。

    $users = Users::all();
    foreach ($users as $user)
    {
        $user->password = Hash::make($user->password);
        $user->save();
    }
    

    【讨论】:

    • 谢谢。如果这解决了您的问题,请记住“接受”答案。
    猜你喜欢
    • 2018-04-14
    • 2016-12-30
    • 1970-01-01
    • 2013-04-06
    • 1970-01-01
    • 2014-09-25
    • 1970-01-01
    • 2012-09-20
    • 1970-01-01
    相关资源
    最近更新 更多