Laravel 空密码散列

Question

当我尝试更新用户数据并让密码字段清空时，它再次被散列，这意味着密码将更改并且您无法再次登录那么有什么办法可以解决这个问题吗？？

代码

$this->validate($request, [
        'first_name'=> 'required|string',
        'last_name' =>  'required|string',
        'email'     =>  'required|email|unique:users,email,'.Auth::id(),
        'password'  =>  'sometimes|nullable|string|min:8,'.Auth::id(),
        'avatar'    =>  'image|mimes:jpg,jpeg,gif,png,svg|max:2048,'.Auth::id(),
        'gender'    =>  'required',
        'country_id'=>  'required',
    ]);

    $user = User::find(Auth::id());

    $user->first_name = $request->first_name;
    $user->last_name = $request->last_name;
    $user->email = $request->email;
    $user->gender = $request->gender;
    $user->country_id = $request->country_id;
    $user->password = bcrypt(request('password'));
    if($request->hasFile('avatar')){
        $avatar = $request->file('avatar');
        $filename = time() . '.' . $avatar->getClientOriginalExtension();
        Image::make($avatar)->resize(300, 300)->save( public_path('/images/avatars/' . $filename ) );
        $user->avatar = $filename;
    }

    $user->save();

    return redirect()->back();

Answer 1

需要先检查请求对象中是否有passoword

if($request->password){
 $user->password = bcrypt(request('password'));
}

编辑后的样子：

$this->validate($request, [
    'first_name'=> 'required|string',
    'last_name' =>  'required|string',
    'email'     =>  'required|email|unique:users,email,'.Auth::id(),
    'password'  =>  'sometimes|nullable|string|min:8,'.Auth::id(),
    'avatar'    =>  'image|mimes:jpg,jpeg,gif,png,svg|max:2048,'.Auth::id(),
    'gender'    =>  'required',
    'country_id'=>  'required',
]);

$user = User::find(Auth::id());

$user->first_name = $request->first_name;
$user->last_name = $request->last_name;
$user->email = $request->email;
$user->gender = $request->gender;
$user->country_id = $request->country_id;

if($request->password){
    $user->password = bcrypt(request('password'));
}

if($request->hasFile('avatar')){
    $avatar = $request->file('avatar');
    $filename = time() . '.' . $avatar->getClientOriginalExtension();
    Image::make($avatar)->resize(300, 300)->save( public_path('/images/avatars/' . $filename ) );
    $user->avatar = $filename;
}

$user->save();

return redirect()->back();

Answer 2

您可以简单地测试密码是否存在。

$this->validate($request, [
        'first_name'=> 'required|string',
        'last_name' =>  'required|string',
        'email'     =>  'required|email|unique:users,email,'.Auth::id(),
        'password'  =>  'sometimes|nullable|string|min:8,'.Auth::id(),
        'avatar'    =>  'image|mimes:jpg,jpeg,gif,png,svg|max:2048,'.Auth::id(),
        'gender'    =>  'required',
        'country_id'=>  'required',
    ]);

    $user = User::find(Auth::id());

    $user->first_name = $request->first_name;
    $user->last_name = $request->last_name;
    $user->email = $request->email;
    $user->gender = $request->gender;
    $user->country_id = $request->country_id;
    if ($request->password) {
        $user->password = bcrypt($request->password);
    }
    if($request->hasFile('avatar')){
        $avatar = $request->file('avatar');
        $filename = time() . '.' . $avatar->getClientOriginalExtension();
        Image::make($avatar)->resize(300, 300)->save( public_path('/images/avatars/' . $filename ) );
        $user->avatar = $filename;
    }

    $user->save();

    return redirect()->back();

Answer 3

首先，您可以更改验证规则以检查 password 在出现时是否不为空：

'password'  =>  'sometimes|required|string|min:8',

然后 bcrypt 如果它不为空并且存在于请求 vie $request->filled() 方法中：

if ($request->filled('password'))
{
    $user->password = bcrypt($request->password);
}

Laravel 空密码散列

Laravel Empty Password hashing

mysql

laravel

laravel-5

laravel-6

laravel-6.2