0

一段时间以来,我一直在尝试解决这个问题,但似乎无法弄清楚问题所在。我已经在 Laravel 5.2.* 中手动创建了一个登录页面,过去我已经成功完成了,但由于某种原因这次它无法正常工作......这是我的代码重要部分的细分:

Route::group(['middleware' => ['web']], function () {
    // Authentication Routes...
    Route::get('auth/login', 'Auth\AuthController@getLogin');
    Route::post('auth/login', 'Auth\AuthController@postLogin');
    Route::get('auth/logout', 'Auth\AuthController@getLogout');
    ....
});

<!DOCTYPE html>

<html lang="en">
    <head>
        <meta name="csrf-token" content="{{ csrf_token() }}" />
        ....
    </head>
    <body>
        <form action="{{ url( '/auth/login' ) }}" class="clearfix" id="login" method="post" novalidate>
            {!! csrf_field() !!}

            @if (count($errors) > 0)
                <div class="show validation-summary">
                    <strong>Whoops!</strong> There were some problems with your input.<br />
                    <ul>
                        @foreach ($errors->all() as $error)
                            <li>{{ $error }}</li>
                        @endforeach
                    </ul>
                </div>
            @else
                <div class="validation-summary">
                    <ul>
                    </ul>
                </div>
            @endif

            <label class="grey" for="email"><b>Username: </b></label>
            <input class="field" type="text" name="email" id="email" value="{{ old('email') }}" size="23" />
            <label class="grey" for="password"><b>Password:</b></label>
            <input class="field" type="password" name="password" id="password" size="23" />
            <button class="bt_login" name="submit" type="submit">
                <i class="fa fa-btn fa-sign-in"></i> Login
            </button>
        </form>
        ....
    </body>
</html>

这是来自 AuthenticatesUsers 特征的 postLogin 方法:

public function postLogin(Request $request)
{
    return $this->login($request);
}

public function login(Request $request)
{
    $this->validate($request, [
        $this->loginUsername() => 'required', 'password' => 'required',
    ]);

    // If the class is using the ThrottlesLogins trait, we can automatically throttle
    // the login attempts for this application. We'll key this by the username and
    // the IP address of the client making these requests into this application.
    $throttles = $this->isUsingThrottlesLoginsTrait();

    if ($throttles && $this->hasTooManyLoginAttempts($request)) {
        return $this->sendLockoutResponse($request);
    }

    $credentials = $this->getCredentials($request);

    if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
        return $this->handleUserWasAuthenticated($request, $throttles);
    }

    // If the login attempt was unsuccessful we will increment the number of attempts
    // to login and redirect the user back to the login form. Of course, when this
    // user surpasses their maximum number of attempts they will get locked out.
    if ($throttles) {
        $this->incrementLoginAttempts($request);
    }

    return $this->sendFailedLoginResponse($request);
}

单击登录按钮时,它似乎显示了 csrf 令牌值,甚至没有点击 AuthenticatesUsers 特征中的 postLogin 方法。如果您想要一个实时示例,您可以访问http://www.dorothea.co.za/auth/login并单击屏幕顶部的登录滑动面板,然后单击登录。

4

1 回答 1

0

只是为了回答我上面的问题,问题出在 app/Http/Middleware/VerifyCsrfToken.php 类的 tokensMatch 方法中。这是导致问题的代码:

echo($request->header('X-CSRF-Token') .' '. $request->input('_token'));
die();

我认为我没有对此文件进行任何更改,因此请注意您是否使用身份验证并且您的 laravel 版本是 5.2.7。

于 2016-08-09T10:44:20.873 回答