tl;dr
您不能在传递给的数组中执行此操作Auth::attempt()
,因为在框架中硬编码为在生成的查询中使用相等比较。
全面审查
框架实施
The attempt()
函数实现于Illuminate/Auth/Guard.php
.
public function attempt(array $credentials = array(), $remember = false, $login = true)
{
$this->fireAttemptEvent($credentials, $remember, $login);
$this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);
// If an implementation of UserInterface was returned, we'll ask the provider
// to validate the user against the given credentials, and if they are in
// fact valid we'll log the users into the application and return true.
if ($this->hasValidCredentials($user, $credentials))
{
if ($login) $this->login($user, $remember);
return true;
}
return false;
}
在这里你可以看到一个呼吁$this->provider->retrieveByCredentials($credentials);
. The retrieveByCredentials()
函数实现于Illuminate/Auth/DatabaseUserProvider.php
.
public function retrieveByCredentials(array $credentials)
{
// First we will add each credential element to the query as a where clause.
// Then we can execute the query and, if we found a user, return it in a
// generic "user" object that will be utilized by the Guard instances.
$query = $this->conn->table($this->table);
foreach ($credentials as $key => $value)
{
if ( ! str_contains($key, 'password'))
{
$query->where($key, $value);
}
}
// Now we are ready to execute the query to see if we have an user matching
// the given credentials. If not, we will just return nulls and indicate
// that there are no matching users for these given credential arrays.
$user = $query->first();
if ( ! is_null($user))
{
return new GenericUser((array) $user);
}
}
在这里你可以看到你传递给的数组Auth::attempt()
被处理在foreach
并且每个键值对都被添加为WHERE
查询的子句。因为它是用一个$query->where($key, $value);
调用时,仅限于相等比较。
可能的解决方案
解决方法是将这一行更改为:
$query->where($key, $value['operator'], $value['value']);
然后你可以重构给出的数组Auth::attempt()
.
$auth = Auth::attempt(array(
'email' => array(
'value' => Input::get('email'),
'operator' => '='
),
'password' => array(
'value' => Input::get('password'),
'operator' => '='
),
'active' => array(
'value' => 0,
'operator' => '>'
)
), $remember);
这样做的问题是您必须重写使用该数组的所有其他函数,因此您最终会得到一个自定义解决方案。通过这种努力,您可以编写自己的身份验证查询或检查active
after Auth::attempt()
.