laravel 4 auth::attempt password in plaintext

落花浮王杯 submitted on 2019-12-10 21:09:05

Question


How do you tell Laravel's Auth::attempt that the password field is stored in plaintext, instead of it assuming that it is hashed?

Within guard.php:

    public function attempt(array $credentials = array(), $remember = false, $login = true)
    {
        $this->fireAttemptEvent($credentials, $remember, $login);

        $user = $this->provider->retrieveByCredentials($credentials);

        // If an implementation of UserInterface was returned, we'll ask the provider
        // to validate the user against the given credentials, and if they are in
        // fact valid we'll log the users into the application and return true.
        if ($user instanceof UserInterface)
        {
            if ($this->provider->validateCredentials($user, $credentials))
            {
                if ($login) $this->login($user, $remember);

                return true;
            }
        }

        return false;
    }

Or better yet, I'll just have 2 columns, one as the plaintext and the other as password_secured.

If I try the latter, how do I tell attempt that the password column name is password_secured?

Because I tried this, and got an error: Undefined index: password.

    $user = array(
        'user_id'           => Input::get('username'),
        'password_secured'  => Input::get('password'),
        'checklogin'        => 0,
    );

    if (Auth::attempt($user)) {
        return 'login success';
    }

The thing is I'm porting the application, not building from scratch, and I really need the passwords to be stored in plaintext because another application is using the DB (and it is live) and is coded to read the passwords in plaintext.


Answer 1:


Consider running a script to hash all your passwords: storing in plaintext should never be mandated or even considered (even if you inherit the system), as those passwords are immediately lost the moment your database contents are leaked. Hacks happen. Imagine the lawsuits if your customers find out you were not dealing with their data according to standards...

Now, assuming you want to not heed this warning, the way to do it is pretty hackish but works. Guard, as seen from the source (look for __construct), is given an object that implements UserProviderInterface.

You have a bunch of suitable objects. Pick the one you want, and extend it. We'll have a bit of fun with the DatabaseUserProvider, though this extension method is convenient and doable with all of them.

The method we are going to extend is public function validateCredentials(UserInterface $user, array $credentials). As follows:

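    namespace Illuminate\Auth;

    class MyUserInterface extends DatabaseUserProvider {
        // Overrides the provider's hashed check: the submitted password is
        // compared directly with the stored plaintext value.
        public function validateCredentials(UserInterface $user, array $credentials) {
            $plain = $credentials['password'];
            return ($plain === $user->getAuthPassword());
        }
    }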

As MyUserInterface extends DatabaseUserProvider, which itself provides UserProviderInterface, MyUserInterface is now dependency-injectable in Guard as a provider. We've done half of the work. The next step is to actually tell Guard to load your thing. I am not familiar with the way Laravel 4 loads Guard implementations, but somewhere down the config, you'll be able to set MyUserInterface as the Guard interface of choice. I cannot be more specific than this.

By the way, the class needs to be at the same location as other interface implementations for Auth.
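
The hashing script this answer recommends, combined with the question's two-column idea, as an added example (not code from the original post or from Laravel). The `users` table name, the in-memory SQLite database and the sample rows are constructed assumptions; the column names `user_id`, `password` and `password_secured` follow the question.

```php
<?php
// Added example: backfill bcrypt hashes next to the legacy plaintext column.
// Table name `users` and the sample rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id TEXT PRIMARY KEY, password TEXT, password_secured TEXT)');
$ins = $db->prepare('INSERT INTO users (user_id, password) VALUES (?, ?)');
foreach (array(array('alice', 'constructed-pw-1'), array('bob', 'constructed-pw-2')) as $row) {
    $ins->execute($row);
}

// One-off backfill: hash every legacy plaintext value into password_secured.
function backfillHashes(PDO $db)
{
    $rows = $db->query('SELECT user_id, password FROM users WHERE password_secured IS NULL')
               ->fetchAll(PDO::FETCH_ASSOC);
    $upd = $db->prepare('UPDATE users SET password_secured = ? WHERE user_id = ?');
    foreach ($rows as $r) {
        // bcrypt with a random per-row salt embedded in the resulting string
        $hash = password_hash($r['password'], PASSWORD_BCRYPT);
        $upd->execute(array($hash, $r['user_id']));
    }
    return count($rows);
}

// Login check for the ported application: only the hashed column is consulted.
function verifyLogin(PDO $db, $userId, $candidate)
{
    $q = $db->prepare('SELECT password_secured FROM users WHERE user_id = ?');
    $q->execute(array($userId));
    $hash = $q->fetchColumn();
    if ($hash === false || $hash === null) {
        return false; // unknown user, or row not yet backfilled
    }
    return password_verify($candidate, $hash);
}

printf("backfilled %d rows\n", backfillHashes($db));
var_dump(verifyLogin($db, 'alice', 'constructed-pw-1')); // matching password
var_dump(verifyLogin($db, 'alice', 'constructed-pw-2')); // another user's password
var_dump(verifyLogin($db, 'carol', 'anything'));         // user not in the table
```

While the other application still reads the `password` column, that column remains exposed in any database leak and must be kept in sync on every password change; it can be dropped once that application is migrated.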



Source: https://stackoverflow.com/questions/16793333/laravel-4-authattempt-password-in-plaintext
