PHP implements the login form to submit CSRF and verification code, form csrf

PHP implements the login form to submit CSRF and verification code, form csrf

1. submit the form and submit it to this page.

(1) The form attribute method is the post method. Modify the route so that it can receive post and get requests.

Route::any('/admin/login','Admin\LoginController@login');

(2) LoginController. php

Modify the login method and return different content based on different requests.

If the request method is get, the login page is returned. If the request is post, verification is performed.

use Illuminate\Support\Facades\Input;public function login(){  if($input = Input::all()){   dd($input);  }else {   return view('admin.login');  }}

Refresh the page. If the following is returned

This is laravel csrf protection. solution:

Display correctly:

2. Check whether the verification code is correct.

(1) LoginController. php, modify the login () method

Public function login () {if ($ input = Input: all () {$ code = new \ Code (); $ _ code = $ code-> get (); if (strtoupper ($ input ['code'])! = $ _ Code) {// The strtoupper () function converts the input letters into uppercase letters. Otherwise, the lower case is incorrect. // back () function returns to the previous request page, return back ()-> with ('msg ', 'verification code error');} else {echo' OK ';}} else {return view ('admin. login ');}}

(2) Modify login. blade. php to get the session

Modify the previous username error:

@if(session('msg'))<p style="color:red">{{session('msg')}}</p>@endif

Verification:

Summary:

1. If a session parameter is required, the route must be written in the middleware.

For example, when the controller uses the back () function, return back ()-> with ('msg ', 'verification code error'); if the route is not in middleware, there is no session, even if you are at the session_start () entry, it is useless and difficult to debug. There is also the _ token that does not generate csrf.

Route: group (['ddleware '=> ['web'], function () {// The Route must be placed in the middleware. Otherwise, sessionRoute cannot be generated :: any ('/admin/login', 'admin \ LoginController @ login'); // The post parameter must be accepted here, so you must use a hybrid Route :: get ('/admin/Code', 'admin \ LoginController @ Code'); Route: get ('/Admin/getcode ', 'admin \ LoginController @ getcode ');});

2. When introducing a third-party class, if this type of file is useful to the session, you need to enter the session_start () file. This is the simplest solution. Otherwise, you will not know $ _ SESSION.

The above is all the content of this article. I hope this article will help you in your study or work. I also hope to provide more support to the customer's home!