0

I'm getting this error when a username matches, but a password doesn't. Which is good if you want a hacker to find they're using the correct email address to log in and can keep guessing the password.

What I would like to know is, how do I stop this message from showing up when they have entered a correct address, but wrong password?

In my View, I just have this...

@if($errors->has('login'))
            <div class="alert alert-danger">{{ $errors->first('login', ':message') }}</div>
        @endif

I'm using Sentry's default configuration, is there something I could just set to false so this message doesn't show? I would like it to show all the other error messages, just not this one as it's a pretty big security risk.

Any help on this would be grateful.

4

1 回答 1

0

sentry 的文档(我会)建议在服务器端验证例程上使用 try catch。 哨兵文件

专门捕获 Cartalyst\Sentry\Users\WrongPasswordException 并设置您自己的错误消息

try
{
// Set login credentials
$credentials = array(
    'email'    => 'john.doe@example.com',
    'password' => 'test',
);

// Try to authenticate the user
$user = Sentry::authenticate($credentials, false);
}
catch (Cartalyst\Sentry\Users\WrongPasswordException $e)
{
 echo 'Wrong Login Info, try again.';
}
于 2014-05-13T13:49:30.913 回答