Anonymous user 2014-01-10 20:32

Laravel 4 Auth token mismatch

In the filters file I have the following:

Route::filter('auth', function()
{
    if (Auth::guest()) return Redirect::to('user/login');
});

These are the routes I have in my routes.php file:

Route::group(['before' => 'auth'], function ()
{
    Route::resource('section', 'SectionController');
    Route::resource('article', 'ArticleController');
});

Route::controller('user', 'UserController');

The UserController is where the action takes place. Inside the UserController this method handles the login form post, which is a standard Laravel Blade template, no package in use:

Blade file:

{{ Form::open(['url' => 'user/signin']) }}
    {{ Form::token() }}
    <div class="form-group">
        <label>{{ trans('user.email') }}</label>
        <input type="email" name="email" value="" class="form-control">
    </div>

    <div class="form-group">
        <label>{{ trans('user.password') }}</label>
        <input type="password" name="password" value="" class="form-control">
    </div>

    <input type="submit" class="btn btn-primary" value="{{ trans('login') }}">
{{ Form::close() }}

and this is the UserController post action:

public function postSignin()
{
    //
    if (Auth::attempt(['email' => Input::get('email'), 'password' => Input::get('password')]))
    {
        return Auth::user()->email;
    }
    else
    {
        return Redirect::to('user/login')->with('message', trans('login.failure'));
    }
}

and this is the migration file I use:

public function up()
{
    //
    Schema::create('users', function ($table) {
        $table->increments('id');
        $table->string('email', 16)->unique();
        $table->string('password', 255);
        $table->timestamps();
    });
}

But when I login, I get an exception:

Illuminate \ Session \ TokenMismatchException

thrown in the filters.php file:

Route::filter('csrf', function()
{
    if (Session::token() != Input::get('_token'))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

What am I doing wrong? Does Auth::attempt hash the password? It is hashed in the Seeder I use to generate the root user. When I dump the Session::token() it's identical to my Form::token() but still, the TokenMismatchException is thrown within the filters.php file.

Update: I disabled the csrf filter in order to be able to actually see the tokens. The two tokens Session::token() and Form::token() are identical before I submit the form; I checked this by looking at the HTML source code. When I submit the form and dump the tokens using dd() inside my postSignin method, the Session::token() has changed. It is no longer identical to the Session::token() seen in the HTML source code.

return array(
    'driver' => 'array',
);

Session config in local folder.

  • dongling2038 2014-01-12 06:44

    FYI - this is not an auth issue - it has nothing to do with login authentication.

    This relates to a CSRF token, due to the form submission. Somewhere in your code, you must be calling the CSRF filter.

    Adding this to your form should solve the problem:

    {{ Form::open(['url' => 'user/signin']) }}
        {{ Form::token() }}
    
        ....  /// rest of form stuff here 
    
    {{ Form::close() }}
    

    edit: make sure your session configuration is also correct. If it is set to 'array' it will not work. It should be 'file' or some other option.

    This answer was selected as the best answer by the asker.
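
Why the 'array' session driver produces the mismatch described above, as an added example (not code from the original post, the answer, or Laravel itself): a minimal PHP simulation of the GET and POST requests against a store that forgets its data and one that persists it. `Store`, `ArrayStore`, `FileStore`, `requestToken` and `loginRoundTrip` are hypothetical names standing in for the session drivers and the CSRF check.

```php
<?php
// Added illustration; Store, ArrayStore, FileStore and the helpers are hypothetical names.
interface Store {
    public function load(): array;
    public function save(array $data): void;
}

// Like the 'array' driver: nothing is kept once the request ends.
final class ArrayStore implements Store {
    public function load(): array { return []; }
    public function save(array $data): void {}
}

// Like the 'file' driver: session data is written to disk and read back next request.
final class FileStore implements Store {
    private $path;
    public function __construct(string $path) { $this->path = $path; }
    public function load(): array {
        $data = is_file($this->path) ? json_decode(file_get_contents($this->path), true) : null;
        return is_array($data) ? $data : [];
    }
    public function save(array $data): void {
        file_put_contents($this->path, json_encode($data));
    }
}

// One HTTP request: load the session, create a token if none exists, persist, return it.
function requestToken(Store $store): string {
    $session = $store->load();
    if (!isset($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(20));
    }
    $store->save($session);
    return $session['_token'];
}

// Request 1 renders the form token; request 2 compares it with the session's token.
function loginRoundTrip(Store $store): bool {
    $formToken = requestToken($store);     // GET user/login
    $sessionToken = requestToken($store);  // POST user/signin
    return hash_equals($sessionToken, $formToken);
}

$path = tempnam(sys_get_temp_dir(), 'sess'); // constructed temp file for the demo
var_dump(loginRoundTrip(new ArrayStore()));     // token regenerated on the POST
var_dump(loginRoundTrip(new FileStore($path))); // token survives between requests
unlink($path);
```

With the array-style store the POST sees a brand-new token, so the comparison fails even though the form carried the token exactly as rendered; with the persistent store the same comparison succeeds.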