Preventing unauthorized users from accessing admin pages in Laravel 5

Updated: 2024-10-13 04:24:24
Problem description

I have tried many ways to do this, but even users who are not logged in can open the secret admin pages. This route group is for the admin directory:

    Route::group(
        array (
            'prefix' => 'admin',
        ),
        function () {
            Route::resource('posts', 'postController');
            Route::get('/login', array ('uses' => 'loginController@showForm'));
            Route::post('/login', array ('uses' => 'loginController@checkLogin'));
            Route::get('/logOut', array ('uses' => 'loginController@doLogout'));
        }
    );

This is my login controller:

    namespace App\Http\Controllers;

    use App\Http\Requests;
    use Illuminate\Support\Facades\Input;
    use Illuminate\Support\Facades\Redirect;
    use Illuminate\Support\Facades\View;

    class loginController extends Controller
    {
        public function showForm ()
        {
            return View::make('admin.login');
        }

        public function checkLogin ()
        {
            $data = \Input::all();
            $rules = array (
                'username' => 'alpha_num|min:3',
                'password' => 'alpha_num|min:3',
            );
            $validator = \Validator::make($data, $rules);
            if ($validator->fails()) {
                return \Redirect::to('admin')->withErrors($validator)->withInput(\Input::all());
            } else {
                $enteredData = array(
                    'username' => Input::get('username'),
                    'password' => Input::get('password')
                );
                if (\Auth::attempt($enteredData)) {
                    return \Redirect::to('admin/posts');
                } else {
                    echo 'the data is Wrong ';
                }
            }
        }

        public function doLogout()
        {
            \Auth::logout();
            return Redirect::to('/admin/login');
        }
    }

This part is postController:

    namespace App\Http\Controllers;

    use App\Http\Requests;
    use App\Post;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\Input;
    use Illuminate\Support\Facades\Redirect;
    use Illuminate\Support\Facades\View;

    class postController extends Controller
    {
        public function __construct ()
        {
            var_dump(\Auth::check());
            if (!\Auth::check()) {
                return \Redirect::to('/admin/login');
            }
        }

        /**
         * Display a listing of the resource.
         *
         * @return Response
         */
        public function index ()
        {
            $allPosts = Post::all();
            return \View::make('admin.pages.posts')->with('posts',$allPosts);
        }

        /**
         * Show the form for creating a new resource.
         *
         * @return Response
         */
        public function create ()
        {
            return \View::make('admin.pages.post_create');
        }

        /**
         * Store a newly created resource in storage.
         *
         * @param Request $request
         * @return Response
         */
        public function store (Request $request)
        {
            $data = Input::all();
            $rules = array (
                'post_title' => 'required',
                'post_desc' => 'required'
            );
            $validator = \Validator::make($data, $rules);
            if ($validator->fails()) {
                return \Redirect::to('/admin/posts/create')
                    ->withErrors($validator)
                    ->withInput();
            } else {
                $post = new Post();
                $post->post_title = $data['post_title'];
                $post->post_desc = $data['post_desc'];
                $post->save();
                return \Redirect::to('/admin/posts');
            }
        }

        /**
         * Display the specified resource.
         *
         * @param int $id
         * @return Response
         */
        public function show ($id)
        {
            $post = Post::find($id);
            return \View::make('admin.pages.show_post')->with('post',$post);
        }

        /**
         * Show the form for editing the specified resource.
         *
         * @param int $id
         * @return Response
         */
        public function edit ($id)
        {
            $post = Post::find($id);
            return \View::make('admin.pages.edit_post')->with('post',$post);
        }

        /**
         * Update the specified resource in storage.
         *
         * @param Request $request
         * @param int $id
         * @return Response
         */
        public function update (Request $request, $id)
        {
            $data = Input::all();
            $rules = array (
                'post_title' => 'required',
                'post_desc' => 'required'
            );
            $validator = \Validator::make($data, $rules);
            if ($validator->fails()) {
                return \Redirect::to('post/create')
                    ->withErrors($validator)
                    ->withInput();
            } else {
                $post = Post::find($id);
                $post->post_title = $data['post_title'];
                $post->post_desc = $data['post_desc'];
                $post->save();
                return \Redirect::to('admin/posts');
            }
        }

        /**
         * Remove the specified resource from storage.
         *
         * @param int $id
         * @return Response
         */
        public function destroy ($id)
        {
            $post = Post::find($id);
            $post->delete();
            return Redirect::to('admin/posts');
        }
    }

Note that I added a constructor to catch users who are not logged in and redirect them to the login page:

    public function __construct ()
    {
        var_dump(Auth::check());
        if (!Auth::check()) {
            return Redirect::to('/admin/login');
        }
    }

var_dump returns true for logged-in users and false for others, but the redirect does not happen.

Where is the problem?

Update: I changed the posts resource route to:

    Route::resource('posts', 'postController', array('middleware' => 'auth'));

but it was ineffective. However, when I change the postController constructor to:

    public function __construct ()
    {
        $this->middleware('auth');
    }

it works fine.
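Why the constructor check in the question does not stop the request, as an added example that is not part of the original question: PHP discards a constructor's return value, so the controller is still built and its action still runs, while a middleware-style check runs before the action and its return value becomes the response. This is plain PHP without Laravel; the class, the two dispatch functions and the string responses are hypothetical stand-ins.

```php
<?php
// Added example: plain PHP, no Laravel. All names here are hypothetical.

class ConstructorGuardedController
{
    public function __construct(bool $loggedIn)
    {
        if (!$loggedIn) {
            // This value is thrown away: `new` always evaluates to the object.
            return 'redirect:/admin/login';
        }
    }

    public function index(): string
    {
        return 'secret admin page';
    }
}

// Simplified dispatcher: instantiate the controller, then call the action.
// Nothing ever looks at what the constructor returned.
function dispatchWithoutGate(bool $loggedIn): string
{
    $controller = new ConstructorGuardedController($loggedIn);
    return $controller->index();
}

// Middleware-style gate: the check runs before the action is called,
// and what it returns is sent back instead of the page.
function dispatchWithGate(bool $loggedIn): string
{
    if (!$loggedIn) {
        return 'redirect:/admin/login';
    }
    $controller = new ConstructorGuardedController($loggedIn);
    return $controller->index();
}

echo 'guest, constructor check only: ', dispatchWithoutGate(false), "\n";
echo 'guest, gate before dispatch:   ', dispatchWithGate(false), "\n";
echo 'user,  gate before dispatch:   ', dispatchWithGate(true), "\n";
```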

Recommended answer

Following @craig_h's answer and my own research, I found that I must separate the login and logout routes into another route group. When I used this code:

    Route::group(
        array (
            'prefix' => 'admin',
            'middleware' => ['auth']
        ),
        function () {
            Route::resource('posts', 'postController');
            Route::get('/login', array ('uses' => 'loginController@showForm'));
            Route::post('/login', array ('uses' => 'loginController@checkLogin'));
            Route::get('/logOut', array ('uses' => 'loginController@doLogout'));
        }
    );

I got a "This webpage has a redirect loop" error in Chrome, because login and logout were in the same route group as the posts resource route, and when an unauthorized user was returned to the login page, Laravel tried to authenticate him and a redirect loop occurred in the page.

But when I separated the login and logout routes into another route group, as below, the problem was solved and everything worked fine.

    Route::group(
        array (
            'prefix' => 'admin',
            'middleware' => ['auth']
        ),
        function () {
            Route::resource('posts', 'postController');
        }
    );

    Route::group(
        array (
            'prefix' => 'admin'
        ),
        function () {
            Route::get('/login', array ('uses' => 'loginController@showForm'));
            Route::post('/login', array ('uses' => 'loginController@checkLogin'));
            Route::get('/logOut', array ('uses' => 'loginController@doLogout'));
        }
    );
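The redirect loop described in the answer, modelled as an added example that is not part of the original answer: a plain-PHP route table in which the auth check sends guests to the login page, followed the way a browser follows redirects. The route tables, handle(), followRedirects() and the assumption that guests are redirected to /admin/login are hypothetical and stand in for Laravel's router and auth middleware.

```php
<?php
// Added example: plain PHP model of the two route layouts, not Laravel code.
// Assumption: the auth middleware redirects guests to /admin/login.

// Each route maps a path to the list of middleware guarding it (constructed data).
$singleGroup = [
    '/admin/posts'  => ['auth'],
    '/admin/login'  => ['auth'],   // login form is behind auth as well
    '/admin/logOut' => ['auth'],
];
$splitGroups = [
    '/admin/posts'  => ['auth'],
    '/admin/login'  => [],         // reachable by guests
    '/admin/logOut' => [],
];

// Handle one request: the auth middleware sends guests to the login page.
function handle(array $routes, string $path, bool $loggedIn): array
{
    if (!array_key_exists($path, $routes)) {
        return ['status' => 404, 'location' => null];
    }
    if (in_array('auth', $routes[$path], true) && !$loggedIn) {
        return ['status' => 302, 'location' => '/admin/login'];
    }
    return ['status' => 200, 'location' => null];
}

// Follow redirects like a browser, stopping on a repeated target or after $maxHops.
function followRedirects(array $routes, string $path, bool $loggedIn, int $maxHops = 10): string
{
    $seen = [];
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $response = handle($routes, $path, $loggedIn);
        if ($response['status'] !== 302) {
            return $response['status'] . ' at ' . $path;
        }
        if (isset($seen[$response['location']])) {
            return 'redirect loop at ' . $response['location'];
        }
        $seen[$response['location']] = true;
        $path = $response['location'];
    }
    return 'too many redirects';
}

echo 'single group: ', followRedirects($singleGroup, '/admin/posts', false), "\n";
echo 'split groups: ', followRedirects($splitGroups, '/admin/posts', false), "\n";
```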

Published: 2023-11-11 05:33:03
Link: https://www.elefans.com/category/jswz/34/1577521.html