Laravel密码重置令牌 [英] Laravel Password Reset Token
问题描述
好的,这是一个初学者,但是我想解释一下.在下面的"postReset"方法中内置的Laravel密码重置中,它指定令牌" ...但是,当使用{!!视图中的csrf_field()!!},它将作为输入名称="_ token"生成._匹配名称时,_是否算作实际字符?只是混淆了数据库迁移如何使用令牌",但是csrf字段将输入名称设置为"_token".
Okay, this is very beginner, but I'd like an explanation. In the built-in Laravel password reset in the "postReset" method below, it specifies "token"...however, when using {!! csrf_field() !!} in the view, it generate as the input name="_token". Does the _ count as an actual character when matching up the names? Just confused how the database migration uses "token", but the csrf field sets up the input name as "_token".
public function postReset(Request $request)
{
$this->validate($request, [
'token' => 'required',
'email' => 'required|email',
'password' => 'required|confirmed|min:6',
]);
$credentials = $request->only(
'email', 'password', 'password_confirmation', 'token'
);
$response = Password::reset($credentials, function ($user, $password) {
$this->resetPassword($user, $password);
});
谢谢
推荐答案
您不需要 _token 即可重置或迁移密码.但是,如果您要使用post方法将任何输入发送到laravel,则绝对需要.
You don't need a _token for password reset or migration. But it is absolutely needed if you are sending any inputs to the laravel in post method.
Laravel可轻松保护您的应用程序免受跨站点请求伪造(CSRF)攻击.跨站点请求伪造是一种恶意利用,利用这种手段,代表经过身份验证的用户执行未经授权的命令.
Laravel makes it easy to protect your application from cross-site request forgery (CSRF) attacks. Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user.
如何在表单中包含csrf令牌?
您可以通过将CSrf令牌包含在表单中来
You can include the csrf token by having this inside your form
<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
提示:
您可以在CSRF令牌过滤器内部处理
You can handle the action after the CSRF Token filter inside
app\Http\Middleware\VerifyCsrfToken.php
希望这对您有所帮助.
这篇关于Laravel密码重置令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
