用laravel登录系统

Question

我有一个系统登录这里，系统工作，但当我输入电子邮件数据随机进入我的系统错误(在那里必须回滚登录和显示消息)。但是，当我输入一个随机密码和真正的电子邮件，我的代码，它的工作，我的意思是我的，如果。如何修复电子邮件？

在这里，我的登录代码视图：

        @if ( Session::get('message') != '' )
        <div class='alert alert-warning'>
            {{ Session::get('message') }}
        </div>  
        @endif 

        <p class="login-box-msg">Login untuk masuk</p>
        <form action="{{ action('LoginController@postLogin') }}" method="post">
          <input type="hidden" name="_token" value="{{ csrf_token() }}" />
          <div class="form-group has-feedback">
            <input type="text" class="form-control" name='email' required placeholder="Email"/>
            <span class="glyphicon glyphicon-user form-control-feedback"></span>
          </div>
          <div class="form-group has-feedback">
            <input type="password" class="form-control" name='password' required />
            <span class="glyphicon glyphicon-lock form-control-feedback"></span>
          </div>
          <div class="row">
            <div class="col-xs-8 hide">    
              <div class="checkbox icheck">
                <label>
                  <input type="checkbox"> Remember Me
                </label>
              </div>                        
            </div><!-- /.col -->
            <div class="col-xs-4">
              <button type="submit" class="btn btn-primary btn-block btn-flat">Sign In</button>
            </div><!-- /.col -->
          </div>
        </form>

        <br/>
        <!--a href="#">I forgot my password</a-->

      </div><!-- /.login-box-body -->
    </div><!-- /.login-box -->

这是我的控制器：

public function getIndex()
    {
        if(Session::get('admin_id')!='') return redirect('/');

        $data['page_title'] = "Login Area";
        return view('login',$data);
    }

    public function postLogin() {
        $email      = Request::get('email');
        $password   = Request::get('password');

        if($email && $password) {
            $users = cms_users::whereRaw("email = '$email'")->first();
            if(!Hash::check($password,$users->password)) 
            {
                return redirect('/')->with('message', 'Gagal login email atau password salah !');
            }else{
                Session::put('admin_id',$users->id);
                Session::put('name',$users->name);
                Session::put('email',$users->email);
                Session::put('photo',$users->photo);
                Session::put('username',$users->username);
                return redirect('companies');
            }
        }else{
            return redirect('/')->with('message', 'Anda belum mengisi email dan password dengan benar !');
        }
    }

Answer 1

$users = cms_users::whereRaw("email = '$email'")->first();替换为$users = cms_users::where("email", $email)->first();

也不检查DB中是否存在用户。

$user = cms_users::where("email", $email)->first();
if($user){
    if(!Hash::check($password,$users->password)) {
        return redirect('/')->with('message', 'Gagal login email atau password salah !');
    }
    ...
} else{
     //redirect because user with input email is empty in DB
}