时间戳

首页 > 解决方案 > 如何在 Laravel 中执行自定义身份验证验证

php - 如何在 Laravel 中执行自定义身份验证验证

问题描述

我使用自定义身份验证创建了一个 laravel 应用程序。通过whych,用户可以单独使用手机号码登录。一旦他们输入手机号码并提交,他们将在手机上收到一次密码作为短信。在下一个屏幕上,他们应该输入一次性密码并登录。我已经成功实现了这个功能。

但是我的问题是,当我验证一次密码时,如果密码正确,它就会登录,如果密码错误,我会收到一条错误消息,指出这条路线不支持 GET 方法。支持的方法:POST。,我不知道是什么导致了这个错误,因为所有的路由都只在 POST 中。

请指导我实现这一点,如果一次性密码错误,页面应重定向到同一页面,说明显示“一次性密码不匹配”的错误。

我的路线:

Auth::routes(['login' => false]);

Route::get('/home', 'HomeController@index')->name('home');

Route::post('/otp', 'AuthController@showOtpForm')->name('otp');

Route::post('/loginsuccess', 'AuthController@loginsuccess')->name('loginsuccess');

Login.blade.php 上的表单标签如下

<form class="login-form" action="{{ route('otp') }}" method="post">

otp.blade.php 登录页面的表单标签和隐藏值如下

<form class="login-form" method="POST" action="{{ route('loginsuccess') }}">

<input type="hidden" value="{{ $phone }}" name="phone">

我的身份验证控制器如下,

 public function showOtpForm(Request $request)
    {
        try
        {
            $newotp =  mt_rand(100000, 999999);

            $user = User::where('phone', $request->phone)->firstOrFail();
            $user->otp = $newotp;
            $user->save();

            return view('auth.otp')->with('phone', $request->phone);
        }
        catch(ModelNotFoundException $e)
        {
            //dd(get_class_methods($e)); // lists all available methods for exception object
            echo "No user found, please register or try again later.";
        }

    }


    public function loginsuccess(Request $request)
    {
        try
        {
            $user = User::where('phone', $request->phone)->firstOrFail();
                if($user->otp === $request->otp)
                {
                    Auth::login($user);
                    return redirect()->route('home');
                }else{
                    return redirect()->back();
                }
        }
        catch(ModelNotFoundException $e)
        {
            dd($e);
        }
    }

请帮助我验证,如果一次性密码正确意味着它应该去路由('home'),如果一次性密码错误,那么它应该被重定向到用户输入一次性密码但有错误的同一页面。

标签: phplaravel

解决方案

The problem is the following statement:

return redirect()->back();

This redirects the user back on your otp route. You defined that the route is only accessible by using a POST request. The problem is that the redirection uses a GET request.

So either you think about redirecting the user to the login route like return redirect()->route('login'); so that he has to enter his mobile number again (would eventually be a little bit more secure) or you change your otp route from GET to POST like this:

Route::get('/otp', 'AuthController@showOtpForm')->name('otp');

If you change POST to GET you must also change the method in your form on the login view.

BTW: You can not pass login => false as parameter for Auth::routes(). Possible parameters are:

Auth::routes([
  'register' => false, // Registration Routes...
  'reset' => false, // Password Reset Routes...
  'verify' => false, // Email Verification Routes...
]);

You need to override the login route and just redirect it to home or somewhere else.

推荐阅读