Original: https://qianjinyike.com/laravel-%E5%86%85%E7%BD%AE-web-%E8%AE%A4%E8%AF%81/
- What is a web authentication
User registration is successful (successful landing). In the server generates session file and returns the file name stored in the client session cookie.
Find a user session file with the file name to the server-side session cookie in the middle, found on certification success, otherwise fail
- Ready to work
Laravel generate default login authentication function, please refer to:
Laravel default login authentication function
PS: If no registration function, can specify routing Auth :: routes ([ 'register' => false]) ;.
- Redirect
Within the following controller, or if the redirection method attribute definitions are automatically redirected
// LoginController, RegisterController, ResetPasswordController, ConfirmPasswordController and VerificationController
protected $redirectTo = '/';
# 方法的优先级高于属性定义
protected function redirectTo()
{
// 可以写一些逻辑
return '/path';
// return route('login');
}
- Modify authentication
// app/Http/Controllers/Auth/LoginController.php追加
public function username(){
return 'name'; // 默认 email
}
- Adding login authentication
Auth increase in certified middleware route
Route::get('profile', function () {
return '1234';
})->middleware('auth');
Increase in the constructor middleware
public function __construct()
{
$this->middleware('auth')->except('create', 'delete');
$this->middleware('auth')->only('create');
}
- Logout and login information acquisition
$user = Auth::user();
$id = Auth::id();
$request->user()
if (Auth::check()) // 判断是否登录
Auth::logout();
- Manual override the login method
# 当你不喜欢自带的控制器去认证用户,你可以移除这些控制器,
# 引入 Auth facade,利用 attempt 手动认证
class LoginController extends Controller
{
public function authenticate(Request $request)
{
$request->validate([
'email' => 'required|email',
'password' => 'required|min:5'
]);
if (\Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
session()->flash('success', '登陆成功');
return redirect()->route('home');
} else {
session()->flash('danger', '登陆失败');
return back();
}
}
}
attempt example, the first array represents To verify the field, the second field represents whether the user in mind (session never expires, has been logged in)
if (Auth::attempt(['email' => $email, 'password' => $password], $remember)) {
// The user is being remembered... 内置的 LoginController 已经实现 remember
// $remember的值为bool
}
- Single Device Login
// 取消登陆在别的设备上的认证
// app/Http/Kernel.php中取消注释:\Illuminate\Session\Middleware\AuthenticateSession::class,
// $password为登录密码,执行这段语句后,将会踢掉正在登录的同一账户
Auth::logoutOtherDevices($password);