更新用户时 Laravel 空密码被散列
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26381051/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel empty password being hashed when updating user
提问by Anonymous
When I'm updating my model-bound form with
当我更新我的模型绑定表单时
$user->update(Input::all())
My password field is re-hashed, even when it's empty. I have set my User.php class to automatically hash that field, but shouldn't it be skipped since the field is empty?
我的密码字段被重新散列,即使它是空的。我已将 User.php 类设置为自动散列该字段,但由于该字段为空,所以不应该跳过它吗?
采纳答案by Marcin Nabia?ek
You could use in this case:
在这种情况下,您可以使用:
Input::except('password')
so in your controller you could do it this way:
所以在你的控制器中你可以这样做:
if (trim(Input::get('password')) == '') {
$data = Input::except('password');
}
else {
$data = Input::all();
}
$user->update($data);
However you should consider other possible issues for that. In this case if user send input with idname (and anyone can do it even if you don't have such field in your form) he could change easily other users passwords/accounts and destroy your whole data.
但是,您应该为此考虑其他可能的问题。在这种情况下,如果用户发送带有id姓名的输入(即使您的表单中没有这样的字段,任何人都可以这样做),他可以轻松更改其他用户的密码/帐户并破坏您的整个数据。
You should use in your Usermodel at least:
您User至少应该在模型中使用:
protected $guarded = array('id');
to protect user id from being changed during mass assignmentbut maybe there are also some other fields you would like to protect (you should list them in $guardedarray.
以保护用户 ID 在批量分配期间不被更改, 但也许还有一些其他字段您想保护(您应该将它们列在$guarded数组中。
For me much better option in this case is using standard user updating:
在这种情况下,对我来说更好的选择是使用标准用户更新:
$user = User::find($id);
if (trim(Input::get('password')) != '') {
$user->password = Hash::make(trim(Input::get('password')));
}
$user->name = Input::get('name');
// and so on - this way you know what you are changing and you won't change something you don't want to change
$user->save();
回答by polyesterhat
Just as Tom Bird commented, here's some code for an example.
正如 Tom Bird 评论的那样,这里有一些示例代码。
If you use a mutator like setPasswordAttribute()method in your model then you can do this:
如果您setPasswordAttribute()在模型中使用类似 mutator 的方法,则可以执行以下操作:
public function setPasswordAttribute($password)
{
if (!empty($password))
{
$this->attributes['password'] = bcrypt($password);
}
}
This will prevent a new password from being hashed. This setPasswordAttribute() method is called a "mutator" and became available in Laravel 4.2 from what I see. http://laravel.com/docs/4.2/eloquent
这将防止新密码被散列。这个 setPasswordAttribute() 方法被称为“mutator”,从我所见,它在 Laravel 4.2 中可用。http://laravel.com/docs/4.2/eloquent
回答by RMcLeod
Because you have sent all of the input to the user model it assumes you want to update all fields including the password even though it is an empty string, it is possible to hash an empty string.
因为您已将所有输入发送到用户模型,所以它假定您想要更新包括密码在内的所有字段,即使它是一个空字符串,也可以散列一个空字符串。
You need to check if the password is empty and if it is use Input::except('password')
您需要检查密码是否为空以及是否使用Input::except('password')
回答by Dharmesh Rakholia
public function update($id)
{
$register = Register::findOrFail($id);
if (empty(Request::get('password'))) {
$data = Request::except('password');
} else {
$data = Request::all();
}
$register->update($data);
return redirect('register');
}
