douxue7196 2016-05-18 07:35

Login system in Laravel

I have a login system here. The system works, but when I enter random email data into my system, I get an error (there it must roll back to login and show a message). But when I enter a random password and a true email, my code works, I mean my if. How do I fix the email?

Here is my view code for login:

        @if ( Session::get('message') != '' )
        <div class='alert alert-warning'>
            {{ Session::get('message') }}
        </div>  
        @endif 

        <p class="login-box-msg">Login untuk masuk</p>
        <form action="{{ action('LoginController@postLogin') }}" method="post">
          <input type="hidden" name="_token" value="{{ csrf_token() }}" />
          <div class="form-group has-feedback">
            <input type="text" class="form-control" name='email' required placeholder="Email"/>
            <span class="glyphicon glyphicon-user form-control-feedback"></span>
          </div>
          <div class="form-group has-feedback">
            <input type="password" class="form-control" name='password' required />
            <span class="glyphicon glyphicon-lock form-control-feedback"></span>
          </div>
          <div class="row">
            <div class="col-xs-8 hide">    
              <div class="checkbox icheck">
                <label>
                  <input type="checkbox"> Remember Me
                </label>
              </div>                        
            </div><!-- /.col -->
            <div class="col-xs-4">
              <button type="submit" class="btn btn-primary btn-block btn-flat">Sign In</button>
            </div><!-- /.col -->
          </div>
        </form>

        <br/>
        <!--a href="#">I forgot my password</a-->

      </div><!-- /.login-box-body -->
    </div><!-- /.login-box -->

And this is my controller:

    public function getIndex()
    {
        if(Session::get('admin_id')!='') return redirect('/');

        $data['page_title'] = "Login Area";
        return view('login',$data);
    }

    public function postLogin() {
        $email      = Request::get('email');
        $password   = Request::get('password');

        if($email && $password) {
            $users = cms_users::whereRaw("email = '$email'")->first();
            if(!Hash::check($password,$users->password)) 
            {
                return redirect('/')->with('message', 'Gagal login email atau password salah !');
            }else{
                Session::put('admin_id',$users->id);
                Session::put('name',$users->name);
                Session::put('email',$users->email);
                Session::put('photo',$users->photo);
                Session::put('username',$users->username);
                return redirect('companies');
            }
        }else{
            return redirect('/')->with('message', 'Anda belum mengisi email dan password dengan benar !');
        }
    }

1 answer

  • doude5860 2016-05-18 08:07

    Replace $users = cms_users::whereRaw("email = '$email'")->first(); with $users = cms_users::where("email", $email)->first();

    And you do not check if user exists in the DB.

    $users = cms_users::where("email", $email)->first();
    if ($users) {
        // A row was found, so it is safe to read $users->password
        if (!Hash::check($password, $users->password)) {
            return redirect('/')->with('message', 'Gagal login email atau password salah !');
        }
        // ...
    } else {
        // redirect: no user with the given email exists in the DB
    }
    
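The two problems discussed in this thread, shown side by side as an added example that is not part of the original question or answer. It assumes plain PDO with an in-memory SQLite database in place of the Eloquent model, and `password_hash`/`password_verify` in place of Laravel's `Hash` facade; the function names and sample data are hypothetical.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for the cms_users model.
// The table contents and addresses below are constructed sample data.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO cms_users (email, password) VALUES (?, ?)');
$ins->execute(["o'brien@example.com", password_hash('correct-horse', PASSWORD_DEFAULT)]);

// "Before": the input is pasted into the SQL text, as whereRaw("email = '$email'") does.
function findUserRaw(PDO $db, string $email)
{
    return $db->query("SELECT * FROM cms_users WHERE email = '$email'")->fetch(PDO::FETCH_ASSOC);
}

// "After": the input travels as a bound parameter, as where("email", $email) does.
function findUserBound(PDO $db, string $email)
{
    $stmt = $db->prepare('SELECT * FROM cms_users WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches
}

// Login check that gives the same answer for "no such user" and "wrong password".
function attemptLogin(PDO $db, string $email, string $password): bool
{
    $user = findUserBound($db, $email);
    if ($user === false) {
        return false; // unknown email: never dereference a missing row
    }
    return password_verify($password, $user['password']);
}

// A legitimate address containing a quote is enough to break the interpolated query.
try {
    findUserRaw($db, "o'brien@example.com");
    echo "raw query: ok\n";
} catch (PDOException $e) {
    echo "raw query: SQL error, the input changed the statement\n";
}

var_dump(attemptLogin($db, "o'brien@example.com", 'correct-horse')); // valid credentials
var_dump(attemptLogin($db, "o'brien@example.com", 'wrong'));         // wrong password
var_dump(attemptLogin($db, 'nobody@example.com', 'anything'));       // unknown email
```

Run it with the PHP CLI; it needs the `pdo_sqlite` extension.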