English 中文(简体)
为什么CakePHP身份验证组件没有对我的密码进行哈希处理?
原标题:
  • 时间:2009-03-06 01:47:28
  •  标签:

我正在使用带有 Auth 和 ACL 组件的 CakePHP 1.2。

在我的用户注册操作中,密码是未经哈希处理的。具体来说,这个表达式:

if ($this->data[ User ][ password ] !=
    $this->Auth->password($this->data[ User ][ confirm_password ]))

即使我在密码确认密码中提交相同的值,这也是成立的。我知道密码未被哈希,因为当我删除对Auth->password的调用时,表达式为false。

我期望Auth模块能自动地哈希密码。我做错了什么?

我的看法是:

<?php
    echo $form->create( User , array( action  =>  register ));

    echo $form->input( email ,
                      array( after  => $form->error(
                         email_unique ,  This email is already registered. )));
    echo $form->input( password );
    echo $form->input( confirm_password , array( type  =>  password ));
    echo $form->end( Register );
?>

这是我从用户控制器中的注册行为:

function register(){
    if ($this->data) {
        if ($this->data[ User ][ password ] !=
            $this->Auth->password($this->data[ User ][ confirm_password ])) {

            $this->Session->setFlash(__( Password and Confirm Password must match. , true));
            $this->data[ User ][ password ] =   ;
            $this->data[ User ][ confirm_password ] =   ;
        }
        else{
            $this->User->create();
            if ($this->User->save($this->data)){
                $this->redirect(array( action  =>  index ), null, true);
            }
            else {
                $this->data[ User ][ password ] =   ;
                $this->data[ User ][ confirm_password ] =   ;
                $this->Session->setFlash(__( Some problem saving your information. , true));
            }
        }
    }
}

这是我的appController,其中包括AuthAcl模块:

class AppController extends Controller {
    var $components = array( Acl ,  Auth );

    function beforeFilter(){
        if (isset($this->Auth)) {
            $this->Auth->allow( display );
            $this->Auth->fields =
              array(
                 username  =>  email ,
                 password  =>  password );
            $this->Auth->authorize =  actions ;
        }
    }
}

我做错了什么?

最佳回答

CakePHP不会哈希密码,除非用户名包含已提交的值。我正在用电子邮件替换用户名字段。但是,我通过设置Auth-> fields数组重新映射了那些字段。然而,我是在appController中而不是在userController中进行操作的。因此,必须将此行移动:

$this->Auth->fields = array( username  =>  email ,  password  =>  password );

out of appController into userController solved it.
Now the question becomes "Why can t I reset the Auth->fields in appController?"

时间:2009-03-06 23:05:22
问题回答

您可能正在使用 UsersController::beforeFilter() 覆盖 AppController::beforeFilter()

要“修复”它,只需在函数开头放置parent::beforeFilter()

时间:2009-03-23 15:57:20

您应该在保存到数据库之前对密码进行哈希。将此函数放入您的用户模型中:

function beforeSave() {
  if(isset($this->data[$this->alias][ password ]))
    $this->data[$this->alias][ password ] = Security::hash($this->data[$this->alias][ password ], null, true);
  return true;
}

不要忘记将此代码放置在您的用户控制器的beforeFilter()中:

if(in_array($this->action, array( register ))) {
  $this->Auth->fields = array( username  =>  email ,  password  =>  wrongfield );
}

这意味着在注册过程中(在注册表格验证失败的情况下),密码将不会进行哈希。

时间:2009-03-06 02:29:53

i think you are looking for

hashPasswords ($data)

look at these pages. They should point you in the right direction. You can also try changing your debugging level in the core config file. changing it from 0 (production) to 3 allows you to see you sql output. may be helpful.

AuthComponent-Methods

Cakephp troubleshooting

Sorry i can t do anything but point you in the right direction. I m new to cakephp.

时间:2009-03-06 02:02:55


上一篇:
下一篇:


相关问题
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全