


Laravel 5 framework learning user authentication, laravel5 framework authentication_PHP tutorial
Laravel 5 framework learning user authentication, laravel5 framework authentication
Laravel has been shipped with a user authentication system. Let’s take a look at routes.php. If deleted, add it :
Route::controllers([ 'auth' => 'Auth\AuthController', 'password' => 'Auth\PasswordController' ]);
You can use php artisan route:list to check it out. Visit /auth/login in the browser and you will see the login interface. It is best to comment out the things about google in the system default app.blade.php, otherwise you will go crazy.
You can use register, login or even forget password.
Actually registering a user failed after submission. In fact, it did not fail, but larave automatically jumped to /home. We have deleted this controller. You can use tinker to see if the user has been created.
Trait is actually used in AuthAuthController, what is triat? Well, PHP only supports single inheritance, and traits were added in PHP5.4. A trait is actually an encapsulation of a set of methods, and you can include it in another class. Like an abstract class, you cannot instantiate it directly.
There is a reference to the trait in AuthAuthController:
Copy code The code is as follows:
use AuthenticatesAndRegistersUsers;
Let’s find him and see how he jumps after registration. He is hidden quite deep in vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesAndregistersUsers.php, wow.
public function redirectPath() { if (property_exists($this, 'redirectPath')) { return $this->redirectPath; } //如果用户设置了 redirectTo 属性,则跳转到用户设置的属性,否则到home return property_exists($this, 'redirectTo') ? $this->redirectTo : '/home'; }
OK, we know, just set the redirectTo attribute to customize the jump after registration. We modify it in AuthAuthContotroller:
Copy code The code is as follows:
protected $redirectTo = 'articles';
Let’s use /auth/logout first to make sure we log out. Don’t be afraid if something goes wrong, we don’t have a default homepage. Re-visit: auth/register to create a new user. This time it should be ok.
Logout again, and then use login to log in.
Now we can delete the temporarily set hidden fields in form_partial and modify the controller:
public function store(Requests\ArticleRequest $request) { //你可以这样 //$request = $request->all(); //$request['user_id'] = Auth::id(); //更简单的方法 $article = Article::create($request->all()); //laravel 自动完成外键关联 Auth::user()->articles()->save($article); return redirect('articles'); }
Add an article and check it out using tinker.
Middleware
Of course we don't want anyone to be able to publish articles, at least only by logging in. We add protection in the controller:
public function create() { if (Auth::guest()) { return redirect('articles'); } return view('articles.create'); }
The above code works, but there is a problem. We need to perform the above processing in every method that needs to be protected. This is too stupid. Fortunately, we have middleware.
Middleware can be understood as a processing pipeline. The middleware processes at a certain moment in the pipeline. This moment can be a request or a response. Depending on the processing rules of the middleware, the request may be redirected or passed.
There are three middlewares included in app/http/middleware. You can tell what they do by their names. Take a closer look. Note that Closure $next represents the next middleware.
Register the middleware in app/http/kernel.php. The $middleware section declares middleware that processes all http, $routeMiddleware only processes routing, and you must explicitly declare to use one or more of these middlewares.
Suppose we want to protect the entire ArticlesController, we add middleware directly in the constructor:
public function __construct() { $this->middleware('auth'); }
Every method is now protected.
But we probably don’t want the entire controller to be protected, what if it’s just one or two of its methods? We can handle it like this:
public function __construct() { $this->middleware('auth', ['only' => 'create']); //当然可以反过来 //$this->middleware('auth', ['except' => 'index']); }
We don’t have to introduce middleware in the constructor of the controller, we can declare it directly in the route:
Copy code The code is as follows:
Route::get('about', ['middleware' => 'auth', 'uses' => 'PagesController@about']);
The system middleware provided in kernel.php, such as 'IlluminateFoundationHttpMiddlewareCheckForMaintenanceMode', allows us to enter maintenance mode. For example, the system is online, but now it needs to be temporarily shut down for a period of time for processing. We can process it on the command line. Take a look at this middleware in action:
Copy code The code is as follows:
php artisan down
Visit the website and you can see that any URL request will be returned immediately. Website online:
Copy code The code is as follows:
php artisan up
Let’s make our own middleware:
Copy code The code is as follows:
php artisan make:middleware Demo
Then add the code:
public function handle($request, Closure $next) { //如果请求中含有 foo,我们就回到控制器首页 if ($request->has('foo')) { return redirect('articles'); } return $next($request); }
If you want to use middleware for all requests, you need to register it in $middleware in kernel.php:
protected $middleware = [ ... 'App\Http\Middleware\Demo', ];
Now we can test it, let’s say we visit /articles/create?foo=bar and we are redirected to the homepage.
Let’s get rid of this display middleware and let’s create a middleware that is actually useful. Suppose we want to protect a page. This page must be accessible by administrators.
Copy code The code is as follows:
php artisan make:middleware RedirectIfNotAManager
Let’s add the processing code:
public function handle($request, Closure $next) { if (!$request->user() || !$request->user()->isATeamManager()) { return redirect('articles'); } return $next($request); }
下面修改我们的模型:
public function isATeamManager() { return false; }
简单起见,我们直接返回false。这次我们把中间件放置在 kernel.php 中的$routeMiddleware 中。
protected $routeMiddleware = [ ... 'manager' => 'App\Http\Middleware\RedirectIfNotAManager', ];
我们做一个测试路由测试一下:
Route::get('foo', ['middleware' => 'manager', function() { return 'This page may only be viewed by manager'; }]);
guest身份访问或者登录身份访问都会返回主页,但是如果修改 isATeamManager() 返回 true,登录身份访问可以看到返回的信息。
以上就是本文所述的全部内容,希望对大家熟悉Laravel5框架能够有所帮助。

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics



PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c

If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op

This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an

JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,

A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total

Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.

What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.
