Bad Request (#400) in Yii2 when trying to log in

Pat*_*ani 4 php yii yii2

I am getting a Bad Request (#400) error when trying to log in to the system. I am working on localhost.

Main layout:

<html lang="<?= Yii::$app->language ?>">
    <head>
        <meta charset="<?= Yii::$app->charset; ?>">
        <meta name="viewport"
              content="width=device-width, initial-scale=1, maximum-scale=1"/>
        <?= Html::csrfMetaTags(); ?>
        <title><?= Html::encode($this->title); ?></title>
        <?php $this->head(); ?>
    </head>
    <body></body>
</html>

View (login.php):

<?php

use yii\helpers\Html;
use yii\bootstrap\ActiveForm;

$this->title = 'Login';
$this->params['breadcrumbs'][] = $this->title; ?>

<div class="container w-xxl w-auto-xs">
    <a href class="navbar-brand block m-t">OpenXcell Pvt. Ltd.</a>
    <div class="m-b-lg">
        <div class="wrapper text-center">
            <strong>Sign in to get in touch</strong>
        </div>
        <form action="/advanced/admin/site/login"
              method="post"
              name="form"
              class="form-validation">
            <div class="list-group list-group-sm">
                <div class="list-group-item">
                    <input type="text" placeholder="Email" required
                           class="form-control no-border" name="username">
                </div>
                <div class="list-group-item">
                    <input type="password" placeholder="Password" required
                           class="form-control no-border" name="password">
                </div>
            </div>
            <button type="submit" class="btn btn-lg btn-primary btn-block">
                Log in
            </button>
        </form>
    </div>
</div>

Site controller:

<?php namespace backend\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;
use app\models\LoginForm;
use yii\filters\VerbFilter;

class SiteController extends Controller {
    public function behaviors() {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => ['login', 'error'],
                        'allow' => true
                    ],
                    [
                        'actions' => ['logout', 'index'],
                        'allow' => true,
                        'roles' => ['@']
                    ]
                ]
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => ['logout' => ['post']]
            ]
        ];
    }

    public function actions() {
        return ['error' => ['class' => 'yii\web\ErrorAction']];
    }

    public function actionIndex() {
        return $this->render('index');
    }

    public function actionLogin() {
        $model = new LoginForm();
        if ($model->load(Yii::$app->request->post()) && $model->login()) {
            return $this->goBack();
        } else {
            return $this->render('login', ['model' => $model]);
        }
    }

    public function actionLogout() {
        Yii::$app->user->logout();
        return $this->goHome();
    }
}

Model:

<?php namespace app\models;

use Yii;
use yii\base\Model;

class LoginForm extends Model {
    public $username;
    public $password;
    public $rememberMe = true;
    private $_user = false;

    public function rules() {
        return [
            [['username', 'password'], 'required'],
            ['rememberMe', 'boolean'],
            ['password', 'validatePassword']
        ];
    }

    public function validatePassword($attribute, $params) {
        if (!$this->hasErrors()) {
            $user = $this->getUser();
            if (!$user || !$user->validatePassword($this->password)) {
                $this->addError($attribute, 'Incorrect username or password.');
            }
        }
    }

    public function login() {
        $duration = $this->rememberMe ? 3600 * 24 * 30 : 0;
        if ($this->validate()) {
            return Yii::$app->user->login($this->getUser(), $duration);
        } else {
            return false;
        }
    }

    public function getUser() {
        if ($this->_user === false) {
            $this->_user = User::findByUsername($this->username);
        }
        return $this->_user;
    }
}

Why am I getting this error? What is wrong with my code?

Ole*_*hov 5

Add the CSRF token. If you don't want to use ActiveForm, add this token explicitly (if you use ActiveForm, the token is added automatically):

<form action="" method="post">
    <input type ="hidden"
           name ="<?php echo Yii::$app->request->csrfParam; ?>"
           value="<?php echo Yii::$app->request->csrfToken; ?>">
</form>

To disable CSRF validation for the whole controller:

class DemoController extends Controller {
    public $enableCsrfValidation = false;
}

To disable CSRF validation for a specific action:

class DemoController extends Controller {
    public function beforeAction($action) {
        if (in_array($action->id, ['example'])) {
            $this->enableCsrfValidation = false;
        }
        return parent::beforeAction($action);
    }
}

Also, please read security-passwords
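
Why the form in the question is rejected while a form carrying the hidden field is accepted, shown as an added example that is not part of the original answer and is not Yii2's own code: a stand-alone PHP model of a masked CSRF token check. The helper names, the `_csrf` parameter name and the sample credentials are assumptions constructed for illustration.

```php
<?php
// Stand-alone model of a masked CSRF token check (added example, not Yii2 code).
// Assumed: the parameter name "_csrf" and all helper names are hypothetical.
const CSRF_PARAM = '_csrf';

/** Mask the true token with a fresh random pad so every rendered page differs. */
function maskToken(string $token): string
{
    $mask = random_bytes(strlen($token));
    return base64_encode($mask . ($mask ^ $token));
}

/** Reverse maskToken(); returns '' for malformed input. */
function unmaskToken(string $masked): string
{
    $raw = base64_decode($masked, true);
    if ($raw === false || $raw === '' || strlen($raw) % 2 !== 0) {
        return '';
    }
    $half = intdiv(strlen($raw), 2);
    return substr($raw, 0, $half) ^ substr($raw, $half);
}

/** HTTP status the request would receive: 200 if accepted, 400 if rejected. */
function handleRequest(string $method, array $post, string $trueToken): int
{
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return 200; // safe methods are not checked
    }
    $submitted = $post[CSRF_PARAM] ?? '';
    if (!is_string($submitted) || $submitted === '') {
        return 400; // field absent: the situation in the question
    }
    // Constant-time comparison against the server-side token.
    return hash_equals($trueToken, unmaskToken($submitted)) ? 200 : 400;
}

// Constructed sample data; the true token is kept server-side.
$trueToken = bin2hex(random_bytes(16));
$login = ['username' => 'demo@example.com', 'password' => 'constructed-password'];
$withToken = $login + [CSRF_PARAM => maskToken($trueToken)];
$mismatch = $login + [CSRF_PARAM => maskToken(bin2hex(random_bytes(16)))];

printf("POST, no token field:   %d\n", handleRequest('POST', $login, $trueToken));
printf("POST, valid token:      %d\n", handleRequest('POST', $withToken, $trueToken));
printf("POST, mismatched token: %d\n", handleRequest('POST', $mismatch, $trueToken));
printf("GET login page:         %d\n", handleRequest('GET', [], $trueToken));
```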