我正在使用Laravel 5.1来构建具有RESTFUl资源的后端系统,这些资源将被某些移动应用程序使用。
忘记密码故事
如果有人忘记了密码,那么服务器必须向他注册的电子邮件发送带有临时密码的电子邮件。从下一次开始,服务器必须使用临时密码或使用密码
对用户进行身份验证有人可以指导我如何做到这一点
答案 0 :(得分:2)
您可以修改PasswordController
app\http\controllers\auth
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use App\Models\User; //yours is probably App\User;
use Mail, Hash;
class PasswordController extends Controller
{
/*
|--------------------------------------------------------------------------
| Password Reset Controller
|--------------------------------------------------------------------------
|
| This controller is responsible for handling password reset requests
| and uses a simple trait to include this behavior. You're free to
| explore this trait and override any methods you wish to tweak.
|
*/
use ResetsPasswords;
/**
* Create a new password controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest');
}
public function postEmail(Request $request)
{
$this->validate($request, ['email' => 'required|email']);
$email = $request->get('email');
if(!$user = User::where('email', $email)->first()) return redirect()->back()->with('error', 'Email does not exists');
//create temporal password
$temp_password = str_random(8); //generates random 8 characters long string
//hash password and save in database
//I assume you have `temp_password` in your users column
$user->temp_password = Hash::make($temp_password);
$user->save();
//data to be used in mail
$data['subject'] = 'Password Reminder'; //$this->getEmailSubject();
$data['email'] = $email;
$data['temp_password'] = $temp_password;
//send mail to user
Mail::send('emails.password_reminder', $data, function($message) use ($data)
{
$message->from('no-reply@site.com', $data['subject']);
$message->subject($data['subject']);
$message->to($data['email']);
});
}
}
然后在resource/views/emails
创建password_reminder.blade.php
Your temporal password is {{$temp_password}}
NB:Someone requested a password reminder, if you are not the one kindly ignore
用于用户身份验证
尝试 - (未经测试)
$email = \Request::get('email');
$password = \Request::get('password');
if (Auth::attempt(['email' =>$email, 'password' => $password])){
return true;
}elseif(Auth::attempt(['email' =>$email, 'temp_password' => $password])){
return true;
}else{
return false;
}
或试试这个
$email = \Request::get('email');
$password = \Request::get('password');
$user = User::where('email',$email)->first();
if(!$user) return false;
if (Auth::attempt(['email' =>$email, 'password' => $password])){
return true;
}elseif(\Hash::check($password, $user->temp_password)){
Auth::loginUsingId($user->id); return true;
}else{
return false;
}