laravel Authentication and Security
Creating the user model
First of all, we need to define the model that is going to be used to represent the
users of our application. Laravel already provides you with sensible defaults inside
app/config/auth.php, where you change the model or table that is used to store
your user accounts.
It also comes with an existing User model inside app/models/User.php. For the
purposes of this application, we are going to simplify it slightly, remove certain
class variables, and add new methods so that it can interact with the Cat model:
use Illuminate\Auth\UserInterface;
class User extends Eloquent implements UserInterface {
public function getAuthIdentifier() {
return $this->getKey();
}
public function getAuthPassword() {
return $this->password;
}
public function cats(){
return $this->hasMany('Cat');
}
public function owns(Cat $cat){
return $this->id == $cat->owner;
}
public function canEdit(Cat $cat){
return $this->is_admin or $this->owns($cat);
}
}
Remember that an interface does not give any implementation details. It is nothing
more than a contract that specifies the names of the methods that a class should
define when it implements the interface, in this case, getAuthIdentifier()
and getAuthPassword(). These methods are used internally by Laravel when
authenticating a user. The next method, cats(), simply defines the has many
relationship with the Cat model. The last two methods will be used to check
whether a given Cat instance is owned or editable by the current User instance.
Creating the necessary database schema
Now that we have defined a User model, we need to create the database schema
for it and alter the existing cats table to add information about the owner. Start by
creating a new migration:
$ php artisan migrate:make create_users
And then define the up method with the necessary database columns:
Authentication routes and views
Let's now look at the new routes and views. We will start by making some amends to
the master layout (app/views/master.blade.php) to display the login link to guests
and the logout link to users who are logged in. To check whether a visitor is logged
in, we use the Auth::check() method:
<div class="container">
<div class="page-header">
<div class="text-right">
@if(Auth::check())
Logged in as
<strong>{{{Auth::user()->username}}}</strong>
{{link_to('logout', 'Log Out')}}
@else
{{link_to('login', 'Log In')}}
@endif
</div>
@yield('header')
</div>
@if(Session::has('message'))
<div class="alert alert-success">
{{Session::get('message')}}
</div>
@endif
@if(Session::has('error'))
<div class="alert alert-warning">
{{Session::get('error')}}
</div>
@endif
@yield('content')
</div>
This code replaces the contents of the <body> tag in our previous template file.
A section for any error messages was also included below the header.
The route to display this login form could not be easier:
Route::get('login', function(){
return View::make('login');
});
If you were curious as to where and why Laravel uses the make methods
in various places, it is only there to maintain PHP 5.3 compatibility, which
does not support class member access on instantiation, and therefore, does
not let you write return new View('login');.
The route that handles login attempts will simply pass the username and password
input values to the Auth::attempt method. When this method returns true, we
simply redirect the visitor to the intended location. If this fails, we redirect the user
back to where he came from with Redirect::back() with the input values and an
error message.
Route::post('login', function(){
if(Auth::attempt(Input::only('username', 'password'))) {
return Redirect::intended('/');
} else {
return Redirect::back()
->withInput()
->with('error', "Invalid credentials");
}
});
But how does Laravel know what our intended location was? If you open
app/filters.php and look at the auth filter, you will see that it redirects guests
to the login route with the Redirect::guest() method. This method stores the
requested path in a session variable, which is then used by the intended() method.
The parameter passed to this method is the fallback route to which users should be
redirected if there is no request path in the session information.
Note also that there is a filter called guest that does the opposite of
auth; you could use it on the login route if you wanted to prevent
logged-in users from accessing it. With this filter in place, logged-in users
will be redirected to the home page instead. You can change this behavior
inside app/filters.php.
laravel Authentication and Security的更多相关文章
- [PHP] 浅谈 Laravel Authentication 的 auth:api
auth:api 在 Laravel 的 Routing , Middleware , API Authentication 主题中都有出现. 一. 在 Routing 部分可以知道 auth:api ...
- [PHP] 浅谈 Laravel Authentication 的 guards 与 providers
从文档的简单介绍上来讲,有一些抽象. 个人感觉,对于概念上的大多数不理解主要还是来自于 文档不是讲设计思路,而是实际操作. 查看英文文档,通常来说可以给你最准确的直觉,而本地翻译一般比较字面或者带有理 ...
- [转]The NTLM Authentication Protocol and Security Support Provider
本文转自:http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication The NTLM Authentication Proto ...
- [不错]A step-by-step guide to enabling security, TLS/SSL, and PKI authentication in Elasticsearch
Now posted on the Elastic blog December 12, 2018 update: This article has been published on Elastic’ ...
- How-to: Enable User Authentication and Authorization in Apache HBase
With the default Apache HBase configuration, everyone is allowed to read from and write to all table ...
- 【Spring】关于Boot应用中集成Spring Security你必须了解的那些事
Spring Security Spring Security是Spring社区的一个顶级项目,也是Spring Boot官方推荐使用的Security框架.除了常规的Authentication和A ...
- HttpClient(4.3.5) - HTTP Authentication
HttpClient provides full support for authentication schemes defined by the HTTP standard specificati ...
- cloud computing platform,virtual authentication encryption
Distributed Management Task Forcevirtual Ethernet port aggregator encryption,authenticating,local ac ...
- 一个HTTP Basic Authentication引发的异常
这几天在做一个功能,其实很简单.就是调用几个外部的API,返回数据后进行组装然后成为新的接口.其中一个API是一个很奇葩的API,虽然是基于HTTP的,但既没有基于SOAP规范,也不是Restful风 ...
随机推荐
- 哆啦A梦连连看游戏源码完整版
这个源码是哆啦A梦连连看游戏源码完整版,也是安卓教程网android.662p.com分享过来的,哆啦A梦大家一定再熟悉不过了,这次登场的角色你能认出全部吗?赶紧把相同的小图标全部消除吧,一起体验下! ...
- border-radius导致overflow:hidden失效问题。
如果一个父元素设置了overflow:hidden属于的同时还设置了border-radius属性,那么如果想隐藏超出的子元素,四个圆角处会出现超出圆角依然显示的bug: 一种方法是运用-webkit ...
- Android 控件收集
SwipeMenuExpandableListView https://github.com/tycallen/SwipeMenu-Expandable-ListView
- wampsever在win10中安装扩展掉坑
1.必须要退出wampserver 2.php pecl + 3.wampserver 64 3.0.6
- java中ReentrantReadWriteLock读写锁的使用
Lock比传统线程模型中的synchronized方式更加面向对象,与生活中的锁类似,锁本身也应该是一个对象.两个线程执行的代码片段要实现同步互斥的效果,它们必须用同一个Lock对象. 读写锁:分为读 ...
- 题目1444:More is better
时间限制:3 秒 内存限制:100 兆 特殊判题:否 提交:1362 解决:640 题目描述: Mr Wang wants some boys to help him with a project. ...
- Java 类和对象
主要参考文献:王映龙<Java程序设计> 一:类的语法 [修饰符]class<类名>[extends父类名][implements接口列表]{ //类体} 1:修饰符 可选值为 ...
- Oracle的AUTOTRACE功能
ORACLE9i在使用autotrace之前,需要作一些初始设置: 1.用sys用户运行脚本utlxplan.sql创建PLAN_TABLE表 脚本目录:(UNIX:$ORACLE_HOME/rdbm ...
- php使用注意点
php使用时间之前要将php.ini中时区设置好,否则会报警告.截图如下:“;date.timezone =”设置为“date.timezone =Asia/Shanghai”即可. apache如果 ...
- 四、mysql内置函数
.字符串函数 concat('a','b'); 字符串拼接函数 ,,"我是A我是B"): 从指定位置开始替换指定长度的指定数据(起步为1) lower() 转小写 upper() ...