Prevent unauthorized users from accessing admin pages in Laravel 5


Problem description

I have tried many ways, but even users who are not logged in can open the secret admin pages.
This route is for the admin directory:

Route::group(
    array (
        'prefix' => 'admin',
    ),
    function () {
        Route::resource('posts', 'postController');

        Route::get('/login', array ('uses' => 'loginController@showForm'));
        Route::post('/login', array ('uses' => 'loginController@checkLogin'));

        Route::get('/logOut', array ('uses' => 'loginController@doLogout'));
    }
);

This is my login controller:

namespace App\Http\Controllers;

use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Input;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\View;

class loginController extends Controller
{
    public function showForm ()
    {
        return View::make('admin.login');
    }

    public function checkLogin ()
    {
        $data  = Input::all();
        // 'required' added: without it a missing field passes validation.
        // Note that alpha_num on the password forbids symbols and spaces,
        // which weakens the passwords users can choose.
        $rules = array (
            'username' => 'required|alpha_num|min:3',
            'password' => 'required|alpha_num|min:3',
        );

        $validator = Validator::make($data, $rules);

        if ($validator->fails()) {
            // Back to the form ('admin' alone has no route); never flash the
            // submitted password back into the session.
            return Redirect::to('admin/login')
                ->withErrors($validator)
                ->withInput(Input::except('password'));
        }

        $enteredData = array(
            'username' => Input::get('username'),
            'password' => Input::get('password')
        );

        if (Auth::attempt($enteredData)) {
            // intended() returns the user to the admin page they originally
            // asked for (stored by the auth middleware), else to the posts list.
            return Redirect::intended('admin/posts');
        }

        // A failed attempt must return a response, not echo a string.
        return Redirect::to('admin/login')
            ->withErrors(array('username' => 'The username or password is wrong.'))
            ->withInput(Input::except('password'));
    }

    public function doLogout ()
    {
        Auth::logout();
        return Redirect::to('/admin/login');
    }
}

This part is the postController:

namespace App\Http\Controllers;

use App\Post;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Input;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\View;

class postController extends Controller
{

    public function __construct ()
    {
        var_dump(Auth::check());
        // This is the guard the question is about. PHP discards whatever a
        // constructor returns, so the RedirectResponse built here is never
        // sent to the browser and every action below still runs for a guest.
        if (!Auth::check()) {
            return Redirect::to('/admin/login');
        }
    }

    /**
     * Display a listing of the resource.
     *
     * @return Response
     */
    public function index ()
    {
        $allPosts = Post::all();
        return View::make('admin.pages.posts')->with('posts', $allPosts);
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return Response
     */
    public function create ()
    {
        return View::make('admin.pages.post_create');
    }

    /**
     * Store a newly created resource in storage.
     *
     * @param  Request $request
     * @return Response
     */
    public function store (Request $request)
    {
        $data = Input::all();

        $rules = array (
            'post_title' => 'required',
            'post_desc'  => 'required'
        );

        $validator = Validator::make($data, $rules);

        if ($validator->fails()) {
            return Redirect::to('/admin/posts/create')
                ->withErrors($validator)
                ->withInput();
        }

        // The two validated fields are assigned explicitly rather than
        // mass-assigning the whole request, so extra form fields cannot
        // set other columns.
        $post             = new Post();
        $post->post_title = $data['post_title'];
        $post->post_desc  = $data['post_desc'];
        $post->save();

        return Redirect::to('/admin/posts');
    }

    /**
     * Display the specified resource.
     *
     * @param  int $id
     * @return Response
     */
    public function show ($id)
    {
        // findOrFail() turns an unknown id into a 404 instead of passing null to the view.
        $post = Post::findOrFail($id);

        return View::make('admin.pages.show_post')->with('post', $post);
    }

    /**
     * Show the form for editing the specified resource.
     *
     * @param  int $id
     * @return Response
     */
    public function edit ($id)
    {
        $post = Post::findOrFail($id);
        return View::make('admin.pages.edit_post')->with('post', $post);
    }

    /**
     * Update the specified resource in storage.
     *
     * @param  Request $request
     * @param  int     $id
     * @return Response
     */
    public function update (Request $request, $id)
    {
        $data = Input::all();

        $rules = array (
            'post_title' => 'required',
            'post_desc'  => 'required'
        );

        $validator = Validator::make($data, $rules);

        if ($validator->fails()) {
            // Was Redirect::to('post/create'), which is not an admin route;
            // a failed update belongs back on this post's edit form.
            return Redirect::to('/admin/posts/' . $id . '/edit')
                ->withErrors($validator)
                ->withInput();
        }

        $post             = Post::findOrFail($id);
        $post->post_title = $data['post_title'];
        $post->post_desc  = $data['post_desc'];
        $post->save();

        return Redirect::to('admin/posts');
    }

    /**
     * Remove the specified resource from storage.
     *
     * @param  int $id
     * @return Response
     */
    public function destroy ($id)
    {
        // findOrFail() avoids calling delete() on null for an unknown id.
        $post = Post::findOrFail($id);
        $post->delete();

        return Redirect::to('admin/posts');
    }
}

Note that I added a constructor to catch users who are not logged in and redirect them to the login page:

public function __construct ()
{
    var_dump(Auth::check());
    if (!Auth::check()) {
        return Redirect::to('/admin/login');
    }
}

var_dump returns true for a logged-in user and false for everyone else, but the redirect does not happen.

Where is the problem?

Update:
I changed the posts resource route to:

Route::resource('posts', 'postController',array('middleware' => 'auth'));

but it was ineffective.
However, when I changed the postController constructor to:

public function __construct ()
{
    $this->middleware('auth');
}

it works fine.
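A way to confirm that `$this->middleware('auth')` in the constructor (or an `auth` middleware on the route group) really closes the admin area to guests, as an added example and not code from the question: a PHPUnit test written against the Laravel 5.0/5.1 test helpers (`tests/TestCase.php`, `$this->call()`, `assertRedirectedTo()`, `$this->be()`). It assumes that the application's `Authenticate` middleware redirects guests to `admin/login` (the stock Laravel 5.0 class sends them to `auth/login`, so that one line must be changed for the first two assertions to hold), that `App\User` is the authenticatable model, and that a test database with a `posts` table exists for the last test, since `index()` calls `Post::all()`.

```php
<?php
// tests/AdminAccessTest.php  -- added example, not part of the original question.
// Assumes Laravel 5.0/5.1 test helpers and an Authenticate middleware whose
// guest redirect target is 'admin/login'.

use App\User;

class AdminAccessTest extends TestCase
{
    /** A guest must not see the posts list; they are sent to the admin login form. */
    public function testGuestIsRedirectedFromAdminPosts()
    {
        $this->call('GET', '/admin/posts');

        // assertRedirectedTo() normalises the URI with url()->to(), so the
        // relative path matches the absolute Location header.
        $this->assertRedirectedTo('admin/login');
    }

    /** The middleware covers every resource action, not only index(). */
    public function testGuestIsRedirectedFromEditForm()
    {
        $this->call('GET', '/admin/posts/1/edit');

        $this->assertRedirectedTo('admin/login');
    }

    /** The login form itself must stay reachable; if it were behind 'auth'
     *  this request would be answered with another redirect (the loop). */
    public function testGuestCanOpenLoginFormWithoutRedirectLoop()
    {
        $this->call('GET', '/admin/login');

        $this->assertResponseOk();
    }

    /** A logged-in user passes the middleware and reaches the controller. */
    public function testAuthenticatedUserCanOpenAdminPosts()
    {
        $user     = new User();
        $user->id = 1;        // no database row needed: be() sets the user on the guard
        $this->be($user);

        $this->call('GET', '/admin/posts');

        $this->assertResponseOk();
    }
}
```

Run it with `phpunit` from the project root. Only GET requests are exercised here: a POST or DELETE test against `/admin/posts` would first hit the global `VerifyCsrfToken` middleware and needs a valid `_token` in the request data before the `auth` check is even reached, but the `auth` middleware guards those verbs in exactly the same way because it is attached to the controller, not to a single action.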

Accepted answer

Based on @craig_h's answer and my own research, I found that I have to separate the login and logout routes into another route group. When I used this code:

Route::group(
    array (
        'prefix' => 'admin',
        'middleware' => ['auth']
    ),
    function () {
        Route::resource('posts', 'postController');

        Route::get('/login', array ('uses' => 'loginController@showForm'));
        Route::post('/login', array ('uses' => 'loginController@checkLogin'));

        Route::get('/logOut', array ('uses' => 'loginController@doLogout'));

    }
);

I got a "This webpage has a redirect loop" error in Chrome, because the login and logout routes were in the same route group as the posts resource route, so when an unauthorized user was returned to the login page Laravel tried to authenticate him again, and a redirect loop occurred.

But when I separated the login and logout routes into another route group, like below, the problem was solved and everything worked fine.

Route::group(
    array (
        'prefix' => 'admin',
        'middleware' => ['auth']
    ),
    function () {
        Route::resource('posts', 'postController');
    }
);

Route::group(
    array (
        'prefix' => 'admin'
    ),
    function () {
        Route::get('/login', array ('uses' => 'loginController@showForm'));
        Route::post('/login', array ('uses' => 'loginController@checkLogin'));

        Route::get('/logOut', array ('uses' => 'loginController@doLogout'));

    }
);
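The loop has a mechanical cause. Laravel's `auth` middleware is the `App\Http\Middleware\Authenticate` class; for a request with no logged-in user it never calls the controller but returns a redirect to the login URL. If the login routes sit in the same `auth` group, that redirect lands on a route that is itself guarded by `auth`, so the guest is redirected again, and the browser gives up and reports the loop. Below is the stock Laravel 5.0 version of that class with its redirect target changed, as an added example rather than the asker's code: the stock class sends guests to `auth/login`, a route this application never defines, so it is pointed at `admin/login` instead. The path is the one used on this page; `Illuminate\Contracts\Auth\Guard`, `redirect()->guest()` and `response()` are the stock 5.0 API.

```php
<?php
// app/Http/Middleware/Authenticate.php
// Added example: the stock Laravel 5.0 class with the redirect target changed
// from 'auth/login' to this application's 'admin/login'.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Guard;

class Authenticate
{
    /**
     * The Guard implementation.
     *
     * @var Guard
     */
    protected $auth;

    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * Every route that carries 'auth', either through the route group or
     * through $this->middleware('auth') in a controller constructor, passes
     * through here before its controller action runs.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure                 $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ($this->auth->guest()) {
            // XHR/API callers get a plain 401 rather than an HTML login page.
            if ($request->ajax()) {
                return response('Unauthorized.', 401);
            }

            // Guests are sent to the admin login form. This URL must NOT be
            // behind 'auth' itself, or this same redirect is issued again for
            // the login page and the browser reports a redirect loop.
            // redirect()->guest() also stores the originally requested URL in
            // the session, so Redirect::intended('admin/posts') after a
            // successful Auth::attempt() returns the user to that page.
            return redirect()->guest('admin/login');
        }

        // A user is logged in: continue down the pipeline to the controller.
        return $next($request);
    }
}
```

The class is registered in `app/Http/Kernel.php` under `$routeMiddleware` as `'auth' => 'App\Http\Middleware\Authenticate'` in a fresh 5.0 install, so nothing else changes. The natural counterpart for the second route group is `'middleware' => 'guest'` (Laravel's `RedirectIfAuthenticated`), which sends an already logged-in user away from the form (to `/home` by default) instead of showing it again; a route cannot sensibly carry both `auth` and `guest`, which is exactly why the login routes need their own group. One caveat a reviewer would raise: `auth` only establishes that some account is logged in. If the site also has ordinary user accounts, a further check (a middleware that rejects users without an administrator flag, or an authorization check in the controller) belongs on the same `admin` group, because `auth` alone lets every registered user into `/admin/posts`.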
