Laravel 深入了解用户认证

跟踪查看用户认证实现

在路由器加个反射 route/web.php

<?php


Route::get('/', function () {
    return view('welcome');
});

Auth::routes();

Route::get('/home', 'HomeController@index');

Route::get('/find/{class}/{action?}',function($class,$action = null){
    if($action == null)
    {
        $ca = new ReflectionClass($class);
    }
    else
    {
        $ca = new ReflectionMethod($class, $action);
    }
    dd($ca);
});

 看到 Auth::routes() 查找 Auth 的 routes 方法

在浏览器输入 http://localhost/find/auth/routes  得到

打开文件我可以查看到

其实 就是 

Route::auth(); 
Route::get('/', function () {
    return view('welcome');
});

//Auth::routes();
Route::auth();

Route::get('/home', 'HomeController@index');

Route::auth() 调用Illuminate/Routing/Router类的auth方法

Auth\LoginController的 login 方法
public function login(Request $request)
{
//VDL 验证请求的数据
$this->validateLogin($request);
//HTMLA 查询数据库用户登陆次数错误(1分钟内失败5次)
if ($this->hasTooManyLoginAttempts($request)) {
//FLE 触发事件监听
$this->fireLockoutEvent($request);
//SLR 这方法被调用意味着用户已经超过登录上限,此时方法会 back 到登录页,并携带'登录超过上限,请于58秒后再次登录'这样的提示;
return $this->sendLockoutResponse($request);
}
//AL 查询帐号密码正确性
if ($this->attemptLogin($request)) {
//SLR(1) 重新生成 Session ID 清除错误次数 转到'/home'
return $this->sendLoginResponse($request);
}
//ILA 用户在缓存数据库中的登录次数值,如果存在则加1;不存在,则新增,同时设置过期时间(默认是1分钟)
$this->incrementLoginAttempts($request);
//SFLR 返回表单输出错误的信息
return $this->sendFailedLoginResponse($request);
}

attemptLogin 方法:

Auth::guard()->attempt(
  $request->only('email', 'password'),$request->has('remember')
);
 
attempt方法: Illuminate\Auth\SessionGuard.php
 
    public function attempt(array $credentials = [], $remember = false)
    {
        $this->fireAttemptEvent($credentials, $remember);

        $this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);//查询数据库返加USER模型

        // If an implementation of UserInterface was returned, we'll ask the provider
        // to validate the user against the given credentials, and if they are in
        // fact valid we'll log the users into the application and return true.
        if ($this->hasValidCredentials($user, $credentials)) { //确认帐号密码是否正确
            $this->login($user, $remember);//存到session; 设置id (user表的id);设置remmbertoken; 存储user信息

            return true;
        }

        // If the authentication attempt fails we will fire an event so that the user
        // may be notified of any suspicious attempts to access their account from
        // an unrecognized user. A developer may listen to this event as needed.
        $this->fireFailedEvent($user, $credentials);

        return false;
    }

 

 
 
 
posted @ 2017-07-24 22:32  夜愿生  阅读(728)  评论(0)    收藏  举报