3

我在播种机中使用哈希来加密密码,在我的控制器中,我使用 Auth 来检查来自客户端的请求,但它总是返回 false,我不知道为什么。

这是代码:

我的家庭控制器:

    public function login(Request $request)
    {
        $username = $request->input('username');
        $password = $request->input('password');

        if( Auth::attempt(['mssv' =>$username, 'pass' =>$password])) {
                $success = new MessageBag(['successlogin' => 'welcome']);
                return view('welcome')->withErrors($success);
            } else {
                $errors = new MessageBag(['errorlogin' => 'Login fail']);
                return redirect()->back()->withInput()->withErrors($errors);
            }
        }
    } 

我的播种机有:

    DB::table('sinhvien')->insert([
        'hoten' => 'Nguyễn Ngọc Anh Thư',
        'mssv' =>'DH51400668',
        'pass' =>Hash::make('DH51400668'),
        'created_at'=>date("Y-m-d H:i:s"),
        'updated_at'=>date("Y-m-d H:i:s")
    ]);

我的模型用户:

    <?php

    namespace App;

    use Illuminate\Notifications\Notifiable;
    use Illuminate\Contracts\Auth\MustVerifyEmail;
    use Illuminate\Foundation\Auth\User as Authenticatable;

    class User extends Authenticatable
    {
        use Notifiable;

        /**
         * The attributes that are mass assignable.
         *
         * @var array
         */
        protected $table='sinhvien' ;
        protected $fillable = [
            'mssv', 'hoten', 'pass',
        ];

        /**
         * The attributes that should be hidden for arrays.
         *
         * @var array
         */
        protected $hidden = [
            'pass', 'remember_token',
        ];
    }

我的路由器有:

Route::post('/login', 'HomeController@login'); 

但是当我请求播种机的信息时,Auth::attempt ()总是返回false。

4

1 回答 1

5

Hash::make从密码捕获字段中删除。使用Auth::attempt时默认获取哈希值并通过数据库进行搜索。

尝试

$password = $request->input('password'); # remove Hash::make

if( Auth::attempt(['mssv' =>$username, 'pass' => $password])) { # remove quotes

如何防止 Laravel 中的 SQL 注入?

于 2018-11-12T09:42:47.447 回答