1. 首页
  2. 问答
  3. Yii2中的错误请求(#400)尝试登录时

Yii2中的错误请求(#400)尝试登录时

2015-06-23 36 views
4

我收到错误的请求(#400)错误,我尝试登录到系统中。我在本地主机上工作。Yii2中的错误请求(#400)尝试登录时

主要布局:

<html lang="<?= Yii::$app->language ?>"> 
    <head> 
     <meta charset="<?= Yii::$app->charset; ?>"> 
     <meta name="viewport" 
       content="width=device-width, initial-scale=1, maximum-scale=1"/> 
     <?= Html::csrfMetaTags(); ?> 
     <title><?= Html::encode($this->title); ?></title> 
     <?php $this->head(); ?> 
    </head> 
    <body></body> 
</html>

视图(login.php):

<?php 

use yii\helpers\Html; 
use yii\bootstrap\ActiveForm; 

$this->title = 'Login'; 
$this->params['breadcrumbs'][] = $this->title; ?> 

<div class="container w-xxl w-auto-xs"> 
    <a href class="navbar-brand block m-t">OpenXcell Pvt. Ltd.</a> 
    <div class="m-b-lg"> 
     <div class="wrapper text-center"> 
      <strong>Sign in to get in touch</strong> 
     </div> 
     <form action="/advanced/admin/site/login" 
       method="post" 
       name="form" 
       class="form-validation"> 
      <div class="list-group list-group-sm"> 
       <div class="list-group-item"> 
        <input type="text" placeholder="Email" required 
          class="form-control no-border" name="username"> 
       </div> 
       <div class="list-group-item"> 
        <input type="password" placeholder="Password" required 
          class="form-control no-border" name="password"> 
       </div> 
      </div> 
      <button type="submit" class="btn btn-lg btn-primary btn-block"> 
       Log in 
      </button> 
     </form> 
    </div> 
</div>

站点控制器:

<?php namespace backend\controllers; 

use Yii; 
use yii\filters\AccessControl; 
use yii\web\Controller; 
use app\models\LoginForm; 
use yii\filters\VerbFilter; 

class SiteController extends Controller { 
    public function behaviors() { 
     return [ 
      'access' => [ 
       'class' => AccessControl::className(), 
       'rules' => [ 
        [ 
         'actions' => ['login', 'error'], 
         'allow' => true 
        ], 
        [ 
         'actions' => ['logout', 'index'], 
         'allow' => true, 
         'roles' => ['@'] 
        ] 
       ] 
      ], 
      'verbs' => [ 
       'class' => VerbFilter::className(), 
       'actions' => ['logout' => ['post']] 
      ] 
     ]; 
    } 

    public function actions() { 
     return ['error' => ['class' => 'yii\web\ErrorAction']]; 
    } 

    public function actionIndex() { 
     return $this->render('index'); 
    } 

    public function actionLogin() { 
     $model = new LoginForm(); 
     if ($model->load(Yii::$app->request->post()) && $model->login()) { 
      return $this->goBack(); 
     } else { 
      return $this->render('login', ['model' => $model]); 
     } 
    } 

    public function actionLogout() { 
     Yii::$app->user->logout(); 
     return $this->goHome(); 
    } 
}

型号:

<?php namespace app\models; 

use Yii; 
use yii\base\Model; 

class LoginForm extends Model { 
    public $username; 
    public $password; 
    public $rememberMe = true; 
    private $_user = false; 

    public function rules() { 
     return [ 
      [['username', 'password'], 'required'], 
      ['rememberMe', 'boolean'], 
      ['password', 'validatePassword'] 
     ]; 
    } 

    public function validatePassword($attribute, $params) { 
     if (!$this->hasErrors()) { 
      $user = $this->getUser(); 
      if (!$user || !$user->validatePassword($this->password)) { 
       $this->addError($attribute, 'Incorrect username or password.'); 
      } 
     } 
    } 

    public function login() { 
     $duration = $this->rememberMe ? 3600 * 24 * 30 : 0; 
     if ($this->validate()) { 
      return Yii::$app->user->login($this->getUser(), $duration); 
     } else { 
      return false; 
     } 
    } 

    public function getUser() { 
     if ($this->_user === false) { 
      $this->_user = User::findByUsername($this->username); 
     } 
     return $this->_user; 
    } 
}

为什么我得到这个错误?我的代码有什么问题?

来源

2015-06-23 Pathik Vejani

回答

4

Add CSRF token。如果你不希望使用ActiveForm,则显式添加此令牌(在的ActiveForm的情况下使用,令牌将被自动添加):

<form action="" method="post"> 
    <input type ="hidden" 
      name ="<?php echo Yii::$app->request->csrfParam; ?>" 
      value="<?php echo Yii::$app->request->csrfToken; ?>"> 
</form>

要禁用CSRF验证整个控制器:

class DemoController extends Controller { 
    public $enableCsrfValidation = false; 
}

要为某个动作禁用CSRF验证:

class DemoController extends Controller { 
    public function beforeAction($action) { 
     if (in_array($action->id, ['example'])) { 
      $this->enableCsrfValidation = false; 
     } 
     return parent::beforeAction($action); 
    } 
}

另外,阅读约security-passwords

来源

2015-06-23 11:35:14 Oleksandr

3

在您添加令牌的情况:

<input type="hidden" 
     name="_csrf" 
     value="<?php echo Yii::$app->request->getCsrfToken() ?>">

而你仍然有这个问题,你需要的HTML标记之前添加:

<?php $this->beginPage() ?>

在html标签后,你的布局文件:

<?php $this->endPage() ?>

我终于在与这个问题斗争了近一天后终于明白了这一点。

下面是一个简单的布局文件:

<?php $this->beginPage() ?> 
<!DOCTYPE html> 
<html lang="<?= Yii::$app->language ?>"> 
    <head> 
     <meta charset="<?= Yii::$app->charset ?>"> 
     <meta name="viewport" content="width=device-width, initial-scale=1"> 
     <?= Html::csrfMetaTags() ?> 
     <title><?= Html::encode($this->title) ?></title> 
     <?php $this->head() ?> 
    </head> 
    <body> 
     <?php $this->beginBody() ?> 
     <?= $content ?> 
     <?php $this->endBody() ?> 
    </body> 
</html> 
<?php $this->endPage() ?>

来源

2016-02-23 20:02:22

-1

只需添加这将解决该问题:

class DemoController extends Controller { 

    public $enableCsrfValidation = false; 

}

希望这对你的作品!

来源

2018-01-04 11:29:33

相关问题

 相关问题