CakePHP Auth hashPasswords override problem
I've been using this tutorial to rewrite my login/logout functionality to handle authentication and matching passwords in the model.
It now adds the user perfectly, but upon login the username/password fields are rejected. It seems the login function is looking for a differently hashed password than my new hashPasswords() function is storing. Any suggestions on what the problem could be?
It's a fairly standard setup. Thanks for any help!
Pertinent Sections of code:
User Model:
var $validate = array(
    'password' => array(
        'The Password must be filled' => array(
            'rule' => 'notEmpty',
            'message' => 'Please supply a valid password.'
        ),
        'The Password must be between 5 and 15 characters' => array(
            'rule' => array('between', 5, 15),
            'message' => 'The password must be between 5 and 15 characters.'
        ),
        'The passwords do not match' => array(
            'rule' => 'matchPasswords',
            'message' => 'The passwords do not match.'
        )
    ),

function hashPasswords($data) {
    if (isset($this->data['User']['password'])) {
        $this->data['User']['password'] = Security::hash($this->data['User']['password'], NULL, TRUE);
        return $data;
    }
    return $data;
}

function beforeSave() {
    $this->hashPasswords(NULL, TRUE);
    return TRUE;
}
Users Controller:
function beforeFilter() {
    parent::beforeFilter();
    if ($this->action == 'add' || $this->action == 'edit' ) {
        $this->Auth->authenticate = $this->User;
    }
}

function add() {
    if (!empty($this->data)) {
        if ($this->User->save($this->data)) {
            $this->Session->setFlash('Your Account Has Been Created.');
            $this->redirect(array('action' => 'homepage'));
        }
    }
}

function login() {
}
Comments (1)
I haven't seen the video, but -
When $this->data['User'] has a 'username' and 'password' array, and is used to save a user - cake actually hashes the password. What may potentially be happening is your hashed password being hashed again - check out the cake documentation on hashPassword
As far as password matching goes - it is actually far easier to do this on the client side where they aren't hashed (lots of jQuery functions out there that validate forms). You can even go as far as writing a simple:
If you want to validate in the model, then certainly write a custom validation rule - but again the password will be hashed for you - you only need to compare the non-hashed versions and see if they match, returning true if they do.
Also - everyone has completely different ways of authenticating users - first and foremost read the documentation - there's an excellent tutorial for a simple Authenticated / ACL application which takes about 30 mins to go through and should be anyone's starting point.
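The double hashing the answer suspects, as an added stand-alone example (not code from the post or from CakePHP): it shows why a password hashed twice on save never matches at login, and a check that tells how many times a stored value was hashed. `cake_style_hash()` is a hypothetical stand-in assumed to behave like a salted SHA-1 `Security::hash()` call; the salt and password are constructed values.

```php
<?php
// Hypothetical stand-in for Security::hash($string, NULL, TRUE), assumed here
// to be SHA-1 over an application-wide salt followed by the input.
const APP_SALT = 'constructed-example-salt'; // constructed value

function cake_style_hash(string $value): string
{
    return sha1(APP_SALT . $value);
}

// Login-side comparison: the submitted password is hashed once and compared
// with the stored value in constant time.
function login_matches(string $submitted, string $stored): bool
{
    return hash_equals($stored, cake_style_hash($submitted));
}

// Diagnostic: how many hashing rounds turn $plain into $stored?
// Returns 0 when nothing matches within $maxRounds.
function hash_rounds(string $plain, string $stored, int $maxRounds = 3): int
{
    $candidate = $plain;
    for ($round = 1; $round <= $maxRounds; $round++) {
        $candidate = cake_style_hash($candidate);
        if (hash_equals($stored, $candidate)) {
            return $round;
        }
    }
    return 0;
}

$password = 'correct horse'; // constructed test password

// Path A: the value is hashed before it reaches save() and again in beforeSave().
$storedDouble = cake_style_hash(cake_style_hash($password));
// Path B: the value is hashed exactly once before it is stored.
$storedSingle = cake_style_hash($password);

echo 'double-hashed row, login ok: ', var_export(login_matches($password, $storedDouble), true), "\n";
echo 'single-hashed row, login ok: ', var_export(login_matches($password, $storedSingle), true), "\n";
echo 'rounds found in double-hashed row: ', hash_rounds($password, $storedDouble), "\n";
echo 'rounds found in single-hashed row: ', hash_rounds($password, $storedSingle), "\n";
```

Running `hash_rounds()` against a freshly created test account with a known password shows whether the save path hashes once or more than once.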