dongpo2340 2016-10-19 08:04

Bad practice? Looking up by username, then validating when the password matches, and then adding to the session?

$user = \App\User::where("name", $req->us)->firstOrFail();

then:

if(Hash::check($plain_text_password, $user->password)){
   //add user to session
}
else{
  //bad credentials
}

I'm aware of other methods available in Laravel, I'm asking about this specific situation.


  • doulin3510 2016-10-19 08:27

    There are two approaches.

    Approach 1. You can add both the username and the password in the where condition.

    If the username and password do not match, the error message will be like "Invalid Username and password".

    Approach 2. (Your approach). Get the user record from the user table using where("name", $req->us) and validate the password with if(Hash::check($plain_text_password, $user->password)). The advantage of this approach is that you can show error messages like the ones below.

    • If the username is not in the table, you can display an error like "Invalid Username".
    • If the password is not matching, you can display an error like "Invalid Password".

    You can use any approach, and from a security perspective you can go with approach 1.

    This answer was selected as the best answer by the asker.
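
The lookup-then-verify flow from the question, as an added example that is not code from either poster: it runs without Laravel, using PHP's `password_verify()` (which `Hash::check()` calls for bcrypt hashes) and returning one generic message for both failure cases. The in-memory `$users` array, the `attemptLogin()` helper and the sample credentials are constructed for illustration.

```php
<?php
// Constructed in-memory "users table"; stands in for \App\User (assumption).
$users = [
    'alice' => [
        'name'     => 'alice',
        'password' => password_hash('correct horse', PASSWORD_BCRYPT),
    ],
];

// Hash of a throwaway value, verified when the name is unknown so that both
// failure paths perform exactly one bcrypt comparison.
$dummyHash = password_hash('placeholder-not-a-real-password', PASSWORD_BCRYPT);

/**
 * Hypothetical helper: returns the user row on success, null on any failure.
 */
function attemptLogin(array $users, string $dummyHash, string $name, string $plain): ?array
{
    $user = $users[$name] ?? null;            // look up by username only
    $hash = $user['password'] ?? $dummyHash;  // unknown name: use the dummy hash
    $ok   = password_verify($plain, $hash);   // re-derives the hash using the stored salt

    return ($user !== null && $ok) ? $user : null;
}

// A salted hash cannot be matched by an equality test in a where clause:
// hashing the same password twice yields two different strings.
$again = password_hash('correct horse', PASSWORD_BCRYPT);
var_dump($again === $users['alice']['password']);

$attempts = [
    ['alice', 'correct horse'],  // valid credentials
    ['alice', 'wrong'],          // known name, bad password
    ['mallory', 'x'],            // unknown name
];

foreach ($attempts as [$name, $plain]) {
    $user = attemptLogin($users, $dummyHash, $name, $plain);
    // One message for both failure cases, so the response does not reveal
    // whether the username exists.
    echo $name, ': ', $user ? 'logged in' : 'Invalid username or password', PHP_EOL;
}
```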