如果Auth :: user()检索已通过身份验证的用户或为null,为什么还要使用Auth :: check()?
[英]Why use Auth::check() if Auth::user() retrieves already authenticated user or null?
问题描述
Just to clarify the question, are the following statements equivalent, or am I missing something and introducing a security hole? 
只是为了澄清问题,以下陈述是否等效,或者我是否缺少某些内容并引入了安全漏洞?
// 1
if(Auth::user()){
// do something
}
// 2
if(Auth::check() && Auth::user()){
// do something
}
2 个解决方案
解决方案1
1 已采纳 2016-04-15 20:21:16
Let's take a quick peek under the hood 让我们快速浏览一下
public function check()
{
return ! is_null($this->user());
}
So as you can see, all that check does, is check for null. 正如您所看到的,检查所要做的只是检查null。 Using Auth::check() is much easier when all you need to know if whether they are auth'd. 当您只需要知道是否通过身份Auth::check()使用Auth::check()就容易得多。 It would make no sense to return an object if you're not going to use it. 如果您不打算使用对象,则返回该对象是没有意义的。
解决方案2
0 2016-04-15 20:21:09
the statement Auth::Check() just returns if user is logged in or not. 语句Auth :: Check()仅返回用户是否登录。
Auth::user() returns the user that's logged in, if have one. Auth :: user()返回已登录的用户(如果有)。
$user_name = Auth::user()->name;
and you can retrieve user's data. 您可以检索用户的数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.