为什么 CakePHP 身份验证组件不散列我的密码?
我正在使用 CakePHP 1.2 以及 Auth 和 ACL 组件。
在我的用户注册操作中,密码未经过哈希处理。 具体来说,这个表达式:
if ($this->data['User']['password'] !=
$this->Auth->password($this->data['User']['confirm_password']))
即使我为 password 和 confirm_password 提交相同的值,This 的计算结果仍为 true。 我知道密码未经过哈希处理,因为当我删除对 Auth->password 的调用时,表达式的计算结果为 false。
我希望 Auth 模块能够自动对密码进行哈希处理。 我究竟做错了什么?
这是我的观点:
<?php
echo $form->create('User', array('action' => 'register'));
echo $form->input('email',
array('after' => $form->error(
'email_unique', 'This email is already registered.')));
echo $form->input('password');
echo $form->input('confirm_password', array('type' => 'password'));
echo $form->end('Register');
?>
这是我在用户控制器中的注册操作:
function register(){
if ($this->data) {
if ($this->data['User']['password'] !=
$this->Auth->password($this->data['User']['confirm_password'])) {
$this->Session->setFlash(__('Password and Confirm Password must match.', true));
$this->data['User']['password'] = '';
$this->data['User']['confirm_password'] = '';
}
else{
$this->User->create();
if ($this->User->save($this->data)){
$this->redirect(array('action' => 'index'), null, true);
}
else {
$this->data['User']['password'] = '';
$this->data['User']['confirm_password'] = '';
$this->Session->setFlash(__('Some problem saving your information.', true));
}
}
}
}
这是我的 appController,其中包含 Auth 和 Acl 模块:
class AppController extends Controller {
var $components = array('Acl', 'Auth');
function beforeFilter(){
if (isset($this->Auth)) {
$this->Auth->allow('display');
$this->Auth->fields =
array(
'username' => 'email',
'password' => 'password');
$this->Auth->authorize = 'actions';
}
}
}
我究竟做错了什么?
I'm using CakePHP 1.2 with Auth and ACL components.
In my user register action, the password is coming in unhashed. Specifically, this expression:
if ($this->data['User']['password'] !=
$this->Auth->password($this->data['User']['confirm_password']))
This is evaluating to true, even when I submit identical values for password and confirm_password. I know that password is unhashed because when I remove the call to Auth->password, the expression evaluates to false.
I expected the Auth module to automagically hash the password. What am I doing wrong?
Here is my view:
<?php
echo $form->create('User', array('action' => 'register'));
echo $form->input('email',
array('after' => $form->error(
'email_unique', 'This email is already registered.')));
echo $form->input('password');
echo $form->input('confirm_password', array('type' => 'password'));
echo $form->end('Register');
?>
Here is my register action from the user controller:
function register(){
if ($this->data) {
if ($this->data['User']['password'] !=
$this->Auth->password($this->data['User']['confirm_password'])) {
$this->Session->setFlash(__('Password and Confirm Password must match.', true));
$this->data['User']['password'] = '';
$this->data['User']['confirm_password'] = '';
}
else{
$this->User->create();
if ($this->User->save($this->data)){
$this->redirect(array('action' => 'index'), null, true);
}
else {
$this->data['User']['password'] = '';
$this->data['User']['confirm_password'] = '';
$this->Session->setFlash(__('Some problem saving your information.', true));
}
}
}
}
And here is my appController where I include the Auth and Acl modules:
class AppController extends Controller {
var $components = array('Acl', 'Auth');
function beforeFilter(){
if (isset($this->Auth)) {
$this->Auth->allow('display');
$this->Auth->fields =
array(
'username' => 'email',
'password' => 'password');
$this->Auth->authorize = 'actions';
}
}
}
What am I doing wrong?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
CakePHP 不会对密码进行哈希处理,除非用户名包含提交的值。 我正在用电子邮件替换用户名字段。 但是,我通过设置 Auth->fields 数组重新映射了这些字段。 但是,我是在 appController 而不是 userController 中执行此操作。 因此,将这一行:
从 appController 移到 userController 中解决了它。
现在问题变成了“为什么我不能重置 appController 中的 Auth-> 字段?”
CakePHP won't hash passwords unless username contains a submitted value. I'm replacing the username field with email. However, I remapped those fields by setting the Auth->fields array. However, I was doing that in the appController instead of userController. So moving this line:
out of appController into userController solved it.
Now the question becomes "Why can't I reset the Auth->fields in appController?"
您可能会使用
UsersController::beforeFilter()覆盖AppController::beforeFilter()。要“修复”它,只需将
parent::beforeFilter()放在函数的开头即可。You're probably overriding
AppController::beforeFilter()with yourUsersController::beforeFilter().To "fix" it, just put
parent::beforeFilter()at the beginning of the function.您应该在保存到数据库之前对密码进行哈希处理。 将此函数放入您的用户模型中:
并且不要忘记将其放入您的用户控制器的
beforeFilter()中:这意味着密码在注册过程中不会被散列(如果验证失败)登记表)。
You should hash password before saving to database. Place this function into your User model:
And don't forget to put this in
beforeFilter()to your users controller:That means that password will NOT be hashed during registration process (in case of failed validation of register form).
我认为您正在寻找
查看这些页面。 他们应该为您指明正确的方向。 您还可以尝试更改核心配置文件中的调试级别。 将其从 0(生产)更改为 3 可以让您看到 sql 输出。 可能会有帮助。
AuthComponent-Methods
Cakephp 故障排除
抱歉,我无能为力,只能为您指明正确的方向。 我是 cakephp 的新手。
i think you are looking for
look at these pages. They should point you in the right direction. You can also try changing your debugging level in the core config file. changing it from 0 (production) to 3 allows you to see you sql output. may be helpful.
AuthComponent-Methods
Cakephp troubleshooting
Sorry i can't do anything but point you in the right direction. I'm new to cakephp.