Laravel 8 prevent logout after user password change?

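I have an admin panel and am currently working on the change-password module. I have finished the code for changing the password, but for some reason the session gets destroyed and the user is logged out after changing the password. How can I prevent the automatic logout from happening? Please help me.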

HTML

<form id="changepasswordform">
    <input type="hidden" name='_token' value="{{ csrf_token() }}">
    <div class="form-group">
        <div class="row">
            <div class="col-md-2">
                <label>Password</label>
            </div>
            <div class="col-md-10">
                <div class="custom_error_msg password_error"></div>
                <input type="password" name="password" class="form-control password">
            </div>
        </div>
    </div>
    <div class="form-group">
        <div class="row">
            <div class="col-md-2">
                <label>Confirm Password</label>
            </div>
            <div class="col-md-10">
                <div class="custom_error_msg confirm_password_error"></div>
                <input type="password" name="confirm_password" class="form-control confirm_password">
            </div>
        </div>
    </div>
    <div class="form-group">
        <div class="row">
            <div class="col-md-12">
                <button class="btn btn-success float-right"><i class="far fa-save"></i> Save</button>
            </div>
        </div>
    </div>
</form>

Controller

public function ChangePasswordProcess(Request $request){
    /*User::find(auth()->user()->id)
    ->update([
        'password'=> Hash::make($request->password)
    ]);*/
    $userId = Auth::User()->id;
    $user = User::find($userId);
    $user->password = Hash::make($request->password);
    $user->save();
    
    return response()->json(['status' => 'success']);
}

JavaScript

<script>
    $(document).ready(function(){
        $(".dropify").dropify();
        $("#changepasswordform").submit(function(e){
            e.preventDefault();
            // Start valid; each failed check below clears the flag, and a
            // later passing check must not set it back to true.
            var status=true;

            if($(".password").val()==""){
                $(".password_error").html("Field is mandatory");
                $(".password_error").show();
                status=false;
            } else {
                $(".password_error").hide();
            }

            if($(".confirm_password").val()==""){
                $(".confirm_password_error").html("Field is mandatory");
                $(".confirm_password_error").show();
                status=false;
            } else {
                $(".confirm_password_error").hide();
            }

            if($(".password").val()!=="" && $(".confirm_password").val()!==""){
                if($(".password").val() !== $(".confirm_password").val()){
                    $(".confirm_password_error").html("Passwords don't match");
                    $(".confirm_password_error").show();
                    status=false;
                } else {
                    $(".confirm_password_error").hide();
                }
            }

            if(status==true){
                var formdata = new FormData(document.getElementById('changepasswordform'));
                $.ajax({
                    url: "{{ route('admin.change_password_process') }}",
                    type: "post",
                    async: false,
                    cache: false,
                    contentType: false,
                    processData: false,
                    data: formdata,
                    success: function (res) {
                        if (res.status == 'success') {
                            Swal.fire({
                                icon: 'success',
                                title: 'Success',
                                text: 'Password updated successfully',
                                confirmButtonClass: 'btn btn-primary',
                                buttonsStyling: false,
                            }).then(function (result) {
                                window.location.reload();
                            });
                        }
                    }
                });
            }               
        });
    });
</script>

In the controller's ChangePasswordProcess method, the user whose password was changed needs to be re-authenticated:

public function ChangePasswordProcess(Request $request){
    /*User::find(auth()->user()->id)
    ->update([
        'password'=> Hash::make($request->password)
    ]);*/
    $userId = Auth::User()->id;
    $user = User::find($userId);
    $user->password = Hash::make($request->password);
    $user->save();

    Auth::login($user);
    
    return response()->json(['status' => 'success']);
}

When the session's password_hash differs from that of the current auth()->user(), Laravel automatically logs the user out. This is done in this middleware:

vendor/laravel/framework/src/Illuminate/Session/Middleware/AuthenticateSession.php

If you update the password_hash in the session with the new hashed password, the user will not be logged out.

session()->put([
   'password_hash_' . auth()->getDefaultDriver() => $user->getAuthPassword()
]);

Example:

session()->put([
   'password_hash_web' => "y$...hashpasswordstoredondatabase"
]);
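
The session-hash refresh described in the answer above, combined into one controller method, as an added example that is not part of the original question or answers. It goes slightly beyond the answers by validating the input on the server and issuing a new session ID; the namespace, the class name AdminController and the min:8 rule are assumptions.

```php
<?php

namespace App\Http\Controllers\Admin; // assumed namespace

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class AdminController extends Controller // assumed class name
{
    public function ChangePasswordProcess(Request $request)
    {
        // Validate on the server: the jQuery checks in the form can be
        // bypassed by posting to the route directly. Field names match
        // the form in the question; min:8 is an assumed policy.
        $request->validate([
            'password'         => ['required', 'string', 'min:8'],
            'confirm_password' => ['required', 'same:password'],
        ]);

        // Update the instance the guard already holds instead of a
        // second copy loaded with User::find().
        $user = $request->user();
        $user->password = Hash::make($request->input('password'));
        $user->save();

        // AuthenticateSession compares this session key with
        // $user->getAuthPassword() and logs the session out when they
        // differ, so store the new hash for the current session.
        $request->session()->put(
            'password_hash_' . Auth::getDefaultDriver(),
            $user->getAuthPassword()
        );

        // New session ID for the session that changed the password;
        // session data, including the hash stored above, is kept.
        $request->session()->regenerate();

        return response()->json(['status' => 'success']);
    }
}
```

Other sessions of the same user still hold the old hash, so AuthenticateSession logs them out on their next request; only the session that made the change stays signed in.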