Laravel 空密码哈希答案

【问题标题】：Laravel Empty Password hashingLaravel 空密码哈希
【发布时间】：2020-03-05 13:42:39
【问题描述】：

当我尝试更新用户数据并让密码字段为空时，它再次散列，这意味着密码将更改并且您无法再次登录那么有什么办法可以解决这个问题吗？？

代码

$this->validate($request, [
        'first_name'=> 'required|string',
        'last_name' =>  'required|string',
        'email'     =>  'required|email|unique:users,email,'.Auth::id(),
        'password'  =>  'sometimes|nullable|string|min:8,'.Auth::id(),
        'avatar'    =>  'image|mimes:jpg,jpeg,gif,png,svg|max:2048,'.Auth::id(),
        'gender'    =>  'required',
        'country_id'=>  'required',
    ]);

    $user = User::find(Auth::id());

    $user->first_name = $request->first_name;
    $user->last_name = $request->last_name;
    $user->email = $request->email;
    $user->gender = $request->gender;
    $user->country_id = $request->country_id;
    $user->password = bcrypt(request('password'));
    if($request->hasFile('avatar')){
        $avatar = $request->file('avatar');
        $filename = time() . '.' . $avatar->getClientOriginalExtension();
        Image::make($avatar)->resize(300, 300)->save( public_path('/images/avatars/' . $filename ) );
        $user->avatar = $filename;
    }

    $user->save();

    return redirect()->back();

【问题讨论】：

向我们展示一些代码。更新的控制器方法，您正在发送的数据......
@N69S 我更新问题

标签： mysql laravel laravel-5 laravel-6 laravel-6.2

【解决方案1】：

需要先检查请求对象中是否有passoword。

if($request->password){
 $user->password = bcrypt(request('password'));
}

编辑后是这样的：

$this->validate($request, [
    'first_name'=> 'required|string',
    'last_name' =>  'required|string',
    'email'     =>  'required|email|unique:users,email,'.Auth::id(),
    'password'  =>  'sometimes|nullable|string|min:8,'.Auth::id(),
    'avatar'    =>  'image|mimes:jpg,jpeg,gif,png,svg|max:2048,'.Auth::id(),
    'gender'    =>  'required',
    'country_id'=>  'required',
]);

$user = User::find(Auth::id());

$user->first_name = $request->first_name;
$user->last_name = $request->last_name;
$user->email = $request->email;
$user->gender = $request->gender;
$user->country_id = $request->country_id;

if($request->password){
    $user->password = bcrypt(request('password'));
}

if($request->hasFile('avatar')){
    $avatar = $request->file('avatar');
    $filename = time() . '.' . $avatar->getClientOriginalExtension();
    Image::make($avatar)->resize(300, 300)->save( public_path('/images/avatars/' . $filename ) );
    $user->avatar = $filename;
}

$user->save();

return redirect()->back();

【讨论】：

看看这张图片prntscr.com/rc1aoz从secure.phabricator.com/book/phabflavor/article/php_pitfalls做if(!empty($var))相当于if ($var)
没有必要使用!empty，因为request->password被定义了，即使它返回null
@N69S 为什么要投反对票？我的回答有问题吗？
@Joseph 谢谢这解决了我的问题现在密码字段不再散列，如果我让它为空
您在未阅读已有答案的情况下发布了答案。

【解决方案2】：

您可以简单地测试密码是否存在。

$this->validate($request, [
        'first_name'=> 'required|string',
        'last_name' =>  'required|string',
        'email'     =>  'required|email|unique:users,email,'.Auth::id(),
        'password'  =>  'sometimes|nullable|string|min:8,'.Auth::id(),
        'avatar'    =>  'image|mimes:jpg,jpeg,gif,png,svg|max:2048,'.Auth::id(),
        'gender'    =>  'required',
        'country_id'=>  'required',
    ]);

    $user = User::find(Auth::id());

    $user->first_name = $request->first_name;
    $user->last_name = $request->last_name;
    $user->email = $request->email;
    $user->gender = $request->gender;
    $user->country_id = $request->country_id;
    if ($request->password) {
        $user->password = bcrypt($request->password);
    }
    if($request->hasFile('avatar')){
        $avatar = $request->file('avatar');
        $filename = time() . '.' . $avatar->getClientOriginalExtension();
        Image::make($avatar)->resize(300, 300)->save( public_path('/images/avatars/' . $filename ) );
        $user->avatar = $filename;
    }

    $user->save();

    return redirect()->back();

【讨论】：

【解决方案3】：

首先，您可以更改验证规则以检查password 是否存在：

'password'  =>  'sometimes|required|string|min:8',

然后 bcrypt 如果它不为空并且出现在请求中，则使用 $request->filled() 方法：

if ($request->filled('password'))
{
    $user->password = bcrypt($request->password);
}

【讨论】：