3. Submit the CSRF and verification code in the login form, and submit the csrf verification code in the form.

3. Submit the CSRF and verification code in the login form, and submit the csrf verification code in the form.

1. submit the form and submit it to this page.

(1) The form attribute method is the post method. Modify the route so that it can receive post and get requests.

Route::any('/admin/login','Admin\LoginController@login');

(2) LoginController. php

Modify the login method and return different content based on different requests.

If the request method is get, the login page is returned. If the request is post, verification is performed.

use Illuminate\Support\Facades\Input;public function login(){        if($input = Input::all()){            dd($input);        }else {            return view('admin.login');        }}

Refresh the page. If the following is returned

 

This is laravel csrf protection. solution:

Display correctly:

 

2. Check whether the verification code is correct.

(1) LoginController. php, modify the login () method

1 public function login () 2 {3 if ($ input = Input: all () {4 5 $ code = new \ Code (); 6 $ _ code = $ code-> get (); 7 if (strtoupper ($ input ['code'])! = $ _ Code) {8 // The strtoupper () function converts the input letters into uppercase letters. Otherwise, the lower case is incorrect. 9 // back () function returns to the previous request page, use with to bring back the prompt information. The information is saved to 10 return back ()-> with ('msg ', 'verification code error'); 11} else {12 echo' OK '; 13} 14} else {15 16 return view ('admin. login'); 17} 18}

View Code

(2) Modify login. blade. php to get the session

Modify the previous username error:

@if(session('msg'))<p>@endif

Verification:

Summary:

1. If a session parameter is required, the route must be written in the middleware.

For example, when the controller uses the back () functionReturn back ()-> with ('msg ', 'verification code error ');If the route is not in the middleware, there is no session, even if you are at the entrance session_start (), it is useless, and debugging is not good; there is nocsrfOf_token

1 Route: group (['ddleware '=> ['web'], function () {2 3 // The routing should be placed in the middleware, otherwise, session4 5 Route: any ('/admin/login', 'admin \ LoginController @ login') will not be generated; // post parameters must be accepted here, therefore, you must use the hybrid Route 6 Route: get ('/admin/Code', 'admin \ LoginController @ Code'); 7 Route: get ('/Admin/getcode ', 'admin \ LoginController @ getcode'); 8 9 });

2. When introducing a third-party class, if this type of file is useful to the session, you need to enter the session_start () file. This is the simplest solution. Otherwise, you will not be notified.$_SESSION

Link: http://www.itwendao.com/article/detail/116508.html