检查用户角色 Laravel
Check users role Laravel
在用户输入其凭据并尝试登录并找到用户后,我们将检查一个 siterole table,如果在数据库中找到用户选择的角色 "where userID=request and roleType = request"则登录成功,否则由于选择了错误的用户角色而失败。
代码很简单:
$findrole = $request->role;
$user_id = Auth::user()->id;
$userrole = DB::table('siterole')->where('role_id' ,'=',$findrole)->where('user_id' ,'=', $user_id)->get();
if(!empty($userrole)) {
make it login
}
else{
redirect it with a fail login
}
登录失败我的意思是不应该设置会话,我在
中尝试了这段代码
vendor\laravel\framework\src\Illuminate\Foundation\Auth\AuthenticatesUsers.php
BUT 当找不到 "user_Id" 的 "role_id" 时,用户登录并重定向到错误的页面!
编辑 我将我的代码放入的函数是这样的:
public 函数登录(请求 $request)
{
$this->validateLogin($request);
$throttles = $this->isUsingThrottlesLoginsTrait();
if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$credentials = $this->getCredentials($request);
if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
//MYCODE GOES BETWEEN THESE LINES
if its not empty return the below code
return $this->handleUserWasAuthenticated($request, $throttles);
}
if ($throttles && ! $lockedOut) {
$this->incrementLoginAttempts($request);
}
//if its empty return to this section
return $this->sendFailedLoginResponse($request);
}
Auth::user()->id returns 用户id只有当你被认证时。在示例代码的第 2 行中,当您创建 $user_id 变量时,您尚未通过身份验证,因此它始终为空。您需要通过其他方式获得 user_id。
找到了解决方案,所以我把我的条件放在哪里 laravel 已经 return 登录 = true,所以我什么也做不了。
attemp() 实际上正在尝试登录位于:
vendor\laravel\framework\src\Illuminate\Auth\SessionGuard.php
现在在 attemp 函数中我们无法访问我们的请求,但我们可以传递 用户类型 我在位于 :[=13 的函数 getCredentials 中称它为(角色) =]
vendor\laravel\framework\src\Illuminate\Foundation\Auth\AuthenticatesUsers.php
第 1 步:
protected function getCredentials(Request $request)
{
//sending role as credential too
// my input name was role
return $request->only($this->loginUsername(), 'password','role');
}
既然我们在 attemp() 中传递了它,它是我们凭据的第二个数组 但是 我们必须从主凭据中取消设置它,因为 laravel 将创建array 中每个键的 where 子句:
第 2 步
public function attempt(array $credentials = [], $remember = false, $login = true)
{
//get the user roll to check if the user has the same role
//else kill him #Stormspirit
$user_role = $credentials['role'];
//as laravel make the where clause for every field we unset it from the array
unset($credentials['role']);
$this->fireAttemptEvent($credentials, $remember, $login);
$this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);
// If an implementation of UserInterface was returned, we'll ask the provider
// to validate the user against the given credentials, and if they are in
// fact valid we'll log the users into the application and return true.
if ($this->hasValidCredentials($user, $credentials)) {
//user credential was valid check the role part
$userrole_finder = DB::table('siterole')->where('role_type',$user_role)->where('user_id',$user->id)->get();
if($userrole_finder==[]) {
$login = false;
return false;
}
if ($login) {
$this->login($user, $remember);
}
return true;
}
一切就绪!不要忘记添加 use DB; 检查您的用户角色 table 如果它是空的,则将登录设置为 false 并且 return false 将完成剩下的工作,您将查看 laravel 的无效凭据错误。
你可以为我刚刚调用的用户类型实现这个 role.you 也可以将用户类型放在 AuthenticatesUsers.php 的 handleUserWasAuthenticated 函数的会话中,确切位置如上所述
protected function handleUserWasAuthenticated(Request $request, $throttles)
{
session(['user_role' => $request->role]);
if ($throttles) {
$this->clearLoginAttempts($request);
}
if (method_exists($this, 'authenticated')) {
return $this->authenticated($request, Auth::guard($this->getGuard())->user());
}
return redirect()->intended($this->redirectPath());
}
在用户输入其凭据并尝试登录并找到用户后,我们将检查一个 siterole table,如果在数据库中找到用户选择的角色 "where userID=request and roleType = request"则登录成功,否则由于选择了错误的用户角色而失败。 代码很简单:
$findrole = $request->role;
$user_id = Auth::user()->id;
$userrole = DB::table('siterole')->where('role_id' ,'=',$findrole)->where('user_id' ,'=', $user_id)->get();
if(!empty($userrole)) {
make it login
}
else{
redirect it with a fail login
}
登录失败我的意思是不应该设置会话,我在
中尝试了这段代码vendor\laravel\framework\src\Illuminate\Foundation\Auth\AuthenticatesUsers.php
BUT 当找不到 "user_Id" 的 "role_id" 时,用户登录并重定向到错误的页面! 编辑 我将我的代码放入的函数是这样的: public 函数登录(请求 $request) {
$this->validateLogin($request);
$throttles = $this->isUsingThrottlesLoginsTrait();
if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$credentials = $this->getCredentials($request);
if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
//MYCODE GOES BETWEEN THESE LINES
if its not empty return the below code
return $this->handleUserWasAuthenticated($request, $throttles);
}
if ($throttles && ! $lockedOut) {
$this->incrementLoginAttempts($request);
}
//if its empty return to this section
return $this->sendFailedLoginResponse($request);
}
Auth::user()->id returns 用户id只有当你被认证时。在示例代码的第 2 行中,当您创建 $user_id 变量时,您尚未通过身份验证,因此它始终为空。您需要通过其他方式获得 user_id。
找到了解决方案,所以我把我的条件放在哪里 laravel 已经 return 登录 = true,所以我什么也做不了。
attemp() 实际上正在尝试登录位于:
vendor\laravel\framework\src\Illuminate\Auth\SessionGuard.php
现在在 attemp 函数中我们无法访问我们的请求,但我们可以传递 用户类型 我在位于 :[=13 的函数 getCredentials 中称它为(角色) =]
vendor\laravel\framework\src\Illuminate\Foundation\Auth\AuthenticatesUsers.php 第 1 步:
protected function getCredentials(Request $request)
{
//sending role as credential too
// my input name was role
return $request->only($this->loginUsername(), 'password','role');
}
既然我们在 attemp() 中传递了它,它是我们凭据的第二个数组 但是 我们必须从主凭据中取消设置它,因为 laravel 将创建array 中每个键的 where 子句: 第 2 步
public function attempt(array $credentials = [], $remember = false, $login = true)
{
//get the user roll to check if the user has the same role
//else kill him #Stormspirit
$user_role = $credentials['role'];
//as laravel make the where clause for every field we unset it from the array
unset($credentials['role']);
$this->fireAttemptEvent($credentials, $remember, $login);
$this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);
// If an implementation of UserInterface was returned, we'll ask the provider
// to validate the user against the given credentials, and if they are in
// fact valid we'll log the users into the application and return true.
if ($this->hasValidCredentials($user, $credentials)) {
//user credential was valid check the role part
$userrole_finder = DB::table('siterole')->where('role_type',$user_role)->where('user_id',$user->id)->get();
if($userrole_finder==[]) {
$login = false;
return false;
}
if ($login) {
$this->login($user, $remember);
}
return true;
}
一切就绪!不要忘记添加 use DB; 检查您的用户角色 table 如果它是空的,则将登录设置为 false 并且 return false 将完成剩下的工作,您将查看 laravel 的无效凭据错误。
你可以为我刚刚调用的用户类型实现这个 role.you 也可以将用户类型放在 AuthenticatesUsers.php 的 handleUserWasAuthenticated 函数的会话中,确切位置如上所述
protected function handleUserWasAuthenticated(Request $request, $throttles)
{
session(['user_role' => $request->role]);
if ($throttles) {
$this->clearLoginAttempts($request);
}
if (method_exists($this, 'authenticated')) {
return $this->authenticated($request, Auth::guard($this->getGuard())->user());
}
return redirect()->intended($this->redirectPath());
}