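Prevent unauthorized users from accessing admin pages in Laravel 5

I have tried many approaches, but the secret admin page can be opened even when the user is not logged in.
These are the routes for the admin directory: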
    Route::group(
        array (
            'prefix' => 'admin',
        ),
        function() {
            Route::resource('posts', 'postController');
            Route::get('/login', array ('uses' => 'loginController@showForm'));
            Route::post('/login', array ('uses' => 'loginController@checkLogin'));
            Route::get('/logOut', array ('uses' => 'loginController@doLogout'));
        }
    );
This is my login controller:
    namespace App\Http\Controllers;

    use App\Http\Requests;
    use Illuminate\Support\Facades\Input;
    use Illuminate\Support\Facades\Redirect;
    use Illuminate\Support\Facades\View;

    class loginController extends Controller
    {
        public function showForm()
        {
            return View::make('admin.login');
        }

        public function checkLogin()
        {
            $data = \Input::all();
            $rules = array (
                'username' => 'alpha_num|min:3',
                'password' => 'alpha_num|min:3',
            );
            $validator = \Validator::make($data, $rules);
            if ($validator->fails()) {
                return \Redirect::to('admin')->withErrors($validator)->withInput(\Input::all());
            } else {
                $enteredData = array(
                    'username' => Input::get('username'),
                    'password' => Input::get('password')
                );
                if (\Auth::attempt($enteredData)) {
                    return \Redirect::to('admin/posts');
                } else {
                    echo 'the data is Wrong ';
                }
            }
        }

        public function doLogout()
        {
            \Auth::logout();
            return Redirect::to('/admin/login');
        }
    }
And this is the PostController:
    namespace App\Http\Controllers;

    use App\Http\Requests;
    use App\Post;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\Input;
    use Illuminate\Support\Facades\Redirect;
    use Illuminate\Support\Facades\View;

    class postController extends Controller
    {
        public function __construct()
        {
            var_dump(\Auth::check());
            if (!\Auth::check()) {
                return \Redirect::to('/admin/login');
            }
        }

        /**
         * Display a listing of the resource.
         *
         * @return Response
         */
        public function index()
        {
            $allPosts = Post::all();
            return \View::make('admin.pages.posts')->with('posts', $allPosts);
        }

        /**
         * Show the form for creating a new resource.
         *
         * @return Response
         */
        public function create()
        {
            return \View::make('admin.pages.post_create');
        }

        /**
         * Store a newly created resource in storage.
         *
         * @param Request $request
         * @return Response
         */
        public function store(Request $request)
        {
            $data = Input::all();
            $rules = array (
                'post_title' => 'required',
                'post_desc' => 'required'
            );
            $validator = \Validator::make($data, $rules);
            if ($validator->fails()) {
                return \Redirect::to('/admin/posts/create')
                    ->withErrors($validator)
                    ->withInput();
            } else {
                $post = new Post();
                $post->post_title = $data['post_title'];
                $post->post_desc = $data['post_desc'];
                $post->save();
                return \Redirect::to('/admin/posts');
            }
        }

        /**
         * Display the specified resource.
         *
         * @param int $id
         * @return Response
         */
        public function show($id)
        {
            $post = Post::find($id);
            return \View::make('admin.pages.show_post')->with('post', $post);
        }

        /**
         * Show the form for editing the specified resource.
         *
         * @param int $id
         * @return Response
         */
        public function edit($id)
        {
            $post = Post::find($id);
            return \View::make('admin.pages.edit_post')->with('post', $post);
        }

        /**
         * Update the specified resource in storage.
         *
         * @param Request $request
         * @param int $id
         * @return Response
         */
        public function update(Request $request, $id)
        {
            $data = Input::all();
            $rules = array (
                'post_title' => 'required',
                'post_desc' => 'required'
            );
            $validator = \Validator::make($data, $rules);
            if ($validator->fails()) {
                return \Redirect::to('post/create')
                    ->withErrors($validator)
                    ->withInput();
            } else {
                $post = Post::find($id);
                $post->post_title = $data['post_title'];
                $post->post_desc = $data['post_desc'];
                $post->save();
                return \Redirect::to('admin/posts');
            }
        }

        /**
         * Remove the specified resource from storage.
         *
         * @param int $id
         * @return Response
         */
        public function destroy($id)
        {
            $post = Post::find($id);
            $post->delete();
            return Redirect::to('admin/posts');
        }
    }
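Note that I added a constructor to check for users who are not logged in and redirect them to the login page:

    public function __construct()
    {
        var_dump(Auth::check());
        if (!Auth::check()) {
            return Redirect::to('/admin/login');
        }
    }

The var_dump returns true for logged-in users and false for others, but the redirect does not happen.
Where is the problem?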
Update:
I changed the posts resource route to:

    Route::resource('posts', 'postController', array('middleware' => 'auth'));

, but it had no effect.
But when I changed the constructor of PostController to:

    public function __construct()
    {
        $this->middleware('auth');
    }

it works fine.

@craig_h, I updated my question.
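
Why a `return Redirect::to(...)` inside `__construct()` leaves the admin page reachable while a middleware guard blocks it, as an added example that is not part of the original post. It is plain PHP with no Laravel: `Posts`, `PostsGuardedInConstructor`, `dispatchPlain`, `authMiddleware` and `dispatchWithMiddleware` are hypothetical stand-ins for the controller and the framework's dispatch step.

```php
<?php
// Constructed demo: plain PHP stand-ins, not Laravel's own classes.

class Posts
{
    public function index(): string
    {
        return 'admin posts page';
    }
}

class PostsGuardedInConstructor extends Posts
{
    public function __construct(bool $loggedIn)
    {
        if (!$loggedIn) {
            // PHP discards this value: `new` always evaluates to the object.
            return 'redirect: /admin/login';
        }
    }
}

// Hypothetical dispatcher: instantiate the controller, then call the action.
function dispatchPlain(bool $loggedIn): string
{
    // The action still runs for guests, because nothing saw the constructor's return.
    return (new PostsGuardedInConstructor($loggedIn))->index();
}

// Middleware shape: it wraps the next handler, and its return value is the response.
function authMiddleware(bool $loggedIn, callable $next): string
{
    return $loggedIn ? $next() : 'redirect: /admin/login';
}

function dispatchWithMiddleware(bool $loggedIn): string
{
    return authMiddleware($loggedIn, function (): string {
        return (new Posts())->index(); // never reached for guests
    });
}

foreach ([true, false] as $loggedIn) {
    $who = $loggedIn ? 'logged in' : 'guest';
    echo "$who | constructor guard: ", dispatchPlain($loggedIn), PHP_EOL;
    echo "$who | middleware guard:  ", dispatchWithMiddleware($loggedIn), PHP_EOL;
}
```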