将 ACL 添加到 CakePHP 应用程序

发布于 2024-10-16 21:51:59 字数 726 浏览 6 评论 0原文

因此,到目前为止,我一直在开发一个访问控制很糟糕的应用程序,并且需要尽快找到合适的解决方案。我已经按照 Cookbook 中的教程添加了 CakePHP Auth 和 Acl 组件,一切都运行得很好,就好像我手动添加用户一样,它会在 aros 表中适当地创建一个条目,SHA1 对密码进行哈希处理适当地,所有的好东西。

现在证明有点超出了我的技能水平。我们的数据库中有 1000 多个姓名需要成为新系统下的用户。我尝试使用 MySQL 查询将它们转储到 Users 表中,但有两个问题:

(1) 这样做不会在 aros 表中创建条目。我很确定我可以在给定的时间内将其设置为工作,但是有什么我可能想知道的捷径吗?

(2) 这就是让我挠头的地方。当我手动添加用户时,他们的密码会自动进行 SHA1 哈希处理。当我从用户/登录页面登录时,我输入的密码与数据库中的哈希密码正确匹配,并且我可以访问。但是,无论我对直接转储到数据库中的密码做什么,我都无法获得登录页面来授予对它们的访问权限。最初我使用 MySQL SHA1 函数对它们进行哈希处理;我知道这可能不是一个好主意,因为蛋糕撒了额外的盐。我尝试通过 Cake 的 Security::hash 函数对它们进行哈希处理。我尝试让 Cake 将每个密码保存到 Users 表本身中,让它在幕后进行任何它想要的哈希处理,而不受我的干扰。

在这些情况下,我都无法使用这些用户名/密码组合之一登录。密码看起来不错并且经过哈希处理,并且它们与我在应用 Security::hash 后输入的密码相匹配。缺少什么才能使我能够正常工作?

So I've been working on an application that has woeful access control up till now, and needs a proper solution ASAP. I've added in the CakePHP Auth and Acl components as per the tutorial in the Cookbook, and it all works pretty well, insofar as if I add a user manually, it creates an entry in the aros table appropriately, SHA1-hashes the password appropriately, all the good stuff.

Now for the bit that's proving a little beyond my skill level. We have 1000+ names in a database that need to become Users under the new system. I tried dumping them into the Users table with a MySQL query, but there are two issues:

(1) Doing things this way is not creating entries in the aros table. I'm pretty sure I can rig this up to work given time, but are there any shortcuts I might want to know about?

(2) This is the one that's causing me to scratch my head. When I add a user manually, their password is automagically SHA1-hashed. When I log in from the users/login page, the password I enter is correctly matched to the hashed password in the db, and I get access. However, no matter what I do to the passwords I dumped directly into the database, I can't get the log in page to grant access to them. Initially I hashed them with the MySQL SHA1 function; I understand this may not be a good idea, because Cake sprinkles in extra salt. I tried hashing them through Cake's Security::hash function. I tried letting Cake save each password into the Users table itself, letting it do whatever hashing it wanted behind the scenes without interference from me.

In none of these cases am I able to log in using one of these username/password combos. The passwords look good and hashed, and they match the passwords I'm entering after I apply Security::hash to them. What am missing that will enable me to get this working?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

清浅ˋ旧时光 2024-10-23 21:51:59

如果我处于您的位置,我会构建一个 Shell 来为您处理此操作,这样您就可以利用 Cake 拥有的所有功能,例如自动添加新的 ARO 记录并使用 < code>Security::hash 在保存记录之前处理哈希。

If I were in your position I'd build a Shell to handle doing this for you, that way you can utilize all of the stuff Cake has through that such as automatically adding a new ARO record and using Security::hash to handle the hashing prior to saving the record.

別甾虛僞 2024-10-23 21:51:59

根据记录,这不是散列的问题。我在保存时没有指定 usergroup_id (计划稍后设置!)。我猜您无法使用不属于用户组的帐户登录,即使您的用户名/密码组合正确。

For the record, it wasn't a problem with hashing. I wasn't specifying the usergroup_id at the point of saving (was planning to set it later!). I guess you can't log in with an account that isn't part of a usergroup, even if your username/password combo is correct.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文